Permalink
Switch branches/tags
Find file
Fetching contributors…
Cannot retrieve contributors at this time
11 lines (11 sloc) 680 Bytes
==== Configuration options
:session_id_cookie_only<Boolean>::
If true, sessions may be passed only through cookies. If false, they may also
be passed through the session_id_key query param. This might be necessary for
flash uploaders, which do not pass cookies with file uploads. This can be
used in conjunction with :query_string_whitelist.
:query_string_whitelist<Array[String]>::
A list of "controller/action" URLs that should allow session IDs to be passed
through the query string even if :session_id_cookie_only is set to true. We
recommend using session.regenerate after any controller making use of this
in case someone is trying a session fixation attack.