Comments on: HttpOnly Session Cookies using ActiveRecordStore in Rails 2.2 http://www.scatmania.org/2008/12/29/httponly-session-cookies-using-activerecordstore-in-rails-22/ Scatman Dan's stuff Mon, 08 Mar 2010 21:43:00 +0000 http://wordpress.org/?v=3.0-alpha hourly 1 By: Ægir http://www.scatmania.org/2008/12/29/httponly-session-cookies-using-activerecordstore-in-rails-22/#comment-2961 Ægir Wed, 24 Jun 2009 12:17:00 +0000 http://blog.scatmania.org/?p=1449#comment-2961 Thanks for the patch. I did a smal modifycation that uses the rails configuration. class CGI::Cookie alias :original_initializer :initialize def initialize(name = '', *value) http_only = Rails.configuration.action_controller[:session][:session_http_only].nil? ? true : Rails.configuration.action_controller[:session][:session_http_only] if name.kind_of?(String) original_initializer({'name' => name, 'value' => value, 'http_only' => http_only}) else original_initializer(name.merge({'http_only' => http_only})) end end end Thanks for the patch.

I did a smal modifycation that uses the rails configuration.

class CGI::Cookie
alias :original_initializer :initialize

def initialize(name = ”, *value)
http_only = Rails.configuration.action_controller[:session][:session_http_only].nil? ? true : Rails.configuration.action_controller[:session][:session_http_only]

if name.kind_of?(String)
original_initializer({‘name’ => name, ‘value’ => value, ‘http_only’ => http_only})
else
original_initializer(name.merge({‘http_only’ => http_only}))
end
end
end

]]>