Skip to content
Browse files

config.force_ssl should mark the session as secure.

  • Loading branch information...
1 parent 70631e7 commit b745fe1e83df24990f8489a819bef62f4add49a5 @josevalim josevalim committed
Showing with 33 additions and 0 deletions.
  1. +3 −0 railties/lib/rails/application.rb
  2. +30 −0 railties/test/application/middleware/session_test.rb
View
3 railties/lib/rails/application.rb
@@ -266,6 +266,9 @@ def default_middleware_stack
middleware.use ::ActionDispatch::Cookies
if config.session_store
+ if config.force_ssl && !config.session_options.key?(:secure)
+ config.session_options[:secure] = true
+ end
middleware.use config.session_store, config.session_options
middleware.use ::ActionDispatch::Flash
end
View
30 railties/test/application/middleware/session_test.rb
@@ -0,0 +1,30 @@
+# encoding: utf-8
+require 'isolation/abstract_unit'
+require 'rack/test'
+
+module ApplicationTests
+ class MiddlewareSessionTest < ActiveSupport::TestCase
+ include ActiveSupport::Testing::Isolation
+ include Rack::Test::Methods
+
+ def setup
+ build_app
+ boot_rails
+ FileUtils.rm_rf "#{app_path}/config/environments"
+ end
+
+ def teardown
+ teardown_app
+ end
+
+ def app
+ @app ||= Rails.application
+ end
+
+ test "config.force_ssl sets cookie to secure only" do
+ add_to_config "config.force_ssl = true"
+ require "#{app_path}/config/environment"
+ assert app.config.session_options[:secure], "Expected session to be marked as secure"
+ end
+ end
+end

0 comments on commit b745fe1

Please sign in to comment.
Something went wrong with that request. Please try again.