Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Restore cookie store httponly default to true. Remove extraneous dup …

…of options on initialization [#1784 state:resolved]

Signed-off-by: Joshua Peek <josh@joshpeek.com>
  • Loading branch information...
commit c090e5e0755bea3a7cd7135329f8dae6094810b6 1 parent 9cefd5e
Cody Fauser authored josh committed
View
4 actionpack/lib/action_controller/session/cookie_store.rb
@@ -45,7 +45,7 @@ class CookieStore
:domain => nil,
:path => "/",
:expire_after => nil,
- :httponly => false
+ :httponly => true
}.freeze
ENV_SESSION_KEY = "rack.session".freeze
@@ -56,8 +56,6 @@ class CookieStore
class CookieOverflow < StandardError; end
def initialize(app, options = {})
- options = options.dup
-
# Process legacy CGI options
options = options.symbolize_keys
if options.has_key?(:session_path)
View
4 actionpack/test/controller/session/cookie_store_test.rb
@@ -94,7 +94,7 @@ def test_setting_session_value
with_test_route_set do
get '/set_session_value'
assert_response :success
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
headers['Set-Cookie']
end
end
@@ -148,7 +148,7 @@ def test_setting_session_value_after_session_reset
get '/set_session_value'
assert_response :success
session_payload = response.body
- assert_equal ["_myapp_session=#{response.body}; path=/"],
+ assert_equal ["_myapp_session=#{response.body}; path=/; httponly"],
headers['Set-Cookie']
get '/call_reset_session'
Please sign in to comment.
Something went wrong with that request. Please try again.