Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 11 lines (11 sloc) 0.68 kB
248c283 @wycats Parts of Merb::Controller ported over
wycats authored
1 ==== Configuration options
2 :session_id_cookie_only<Boolean>::
3 If true, sessions may be passed only through cookies. If false, they may also
4 be passed through the session_id_key query param. This might be necessary for
5 flash uploaders, which do not pass cookies with file uploads. This can be
6 used in conjunction with :query_string_whitelist.
7 :query_string_whitelist<Array[String]>::
8 A list of "controller/action" URLs that should allow session IDs to be passed
9 through the query string even if :session_id_cookie_only is set to true. We
10 recommend using session.regenerate after any controller making use of this
11 in case someone is trying a session fixation attack.
Something went wrong with that request. Please try again.