Laurie Young Laurie Young - 5 months ago 33
Ruby Question

How do I set the HttpOnly flag on a cookie in Ruby on Rails

The page Protecting Your Cookies: HttpOnly explains why making HttpOnly cookies is a good idea.

How do I set this property in Ruby on Rails?


Set the 'http_only' option in the hash used to set a cookie


cookies["user_name"] = { :value => "david", :httponly => true }

or, in Rails 2:


cookies["user_name"] = { :value => "david", :http_only => true }