Permalink
Browse files

Restore cookie store httponly default to true. Remove extraneous dup …

…of options on initialization [#1784 state:resolved]

Signed-off-by: Joshua Peek <josh@joshpeek.com>
  • Loading branch information...
1 parent 9cefd5e commit c090e5e0755bea3a7cd7135329f8dae6094810b6 Cody Fauser committed with josh Jan 20, 2009
@@ -45,7 +45,7 @@ class CookieStore
:domain => nil,
:path => "/",
:expire_after => nil,
- :httponly => false
+ :httponly => true
}.freeze
ENV_SESSION_KEY = "rack.session".freeze
@@ -56,8 +56,6 @@ class CookieStore
class CookieOverflow < StandardError; end
def initialize(app, options = {})
- options = options.dup
-
# Process legacy CGI options
options = options.symbolize_keys
if options.has_key?(:session_path)
@@ -94,7 +94,7 @@ def test_setting_session_value
with_test_route_set do
get '/set_session_value'
assert_response :success
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
headers['Set-Cookie']
end
end
@@ -148,7 +148,7 @@ def test_setting_session_value_after_session_reset
get '/set_session_value'
assert_response :success
session_payload = response.body
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
headers['Set-Cookie']
get '/call_reset_session'

0 comments on commit c090e5e

Please sign in to comment.