About HTTP-only cookies in Ruby on Rails

Hi all,

I am a security researcher at the University of Virginia, currently
doing research on HTTP-only cookie deployment. May I ask whether Ruby on
Rails supports HTTP-only cookies, and if so, what the default
configuration for Ruby on Rails is? In other words, do HTTP servers
need to set HTTP-only manually, or does it apply automatically?

Many thanks in advance,

Yuchen

On Apr 17, 7:54 am, Yuchen Z. [email protected] wrote:

> Hi all,
>
> I am a security researcher at the University of Virginia, currently
> doing research on HTTP-only cookie deployment. May I ask whether Ruby on
> Rails supports HTTP-only cookies, and if so, what the default
> configuration for Ruby on Rails is? In other words, do HTTP servers
> need to set HTTP-only manually, or does it apply automatically?

Session cookies have been http-only by default for a while. If you
create extra cookies yourself, then it's up to you to decide whether
you want them http-only or not.

Fred
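The distinction Fred draws (the session cookie gets HttpOnly by default, extra cookies only if the app asks for it) is easy to verify from the outside, which is what a deployment survey needs. The following is an added example, not code from the thread or from Rails itself: plain Ruby, no Rails dependency, that builds Set-Cookie headers the way a Rails app would emit them for a session cookie versus a hand-rolled one, and then audits a list of Set-Cookie headers for the missing attribute. The cookie names, values and headers are constructed for the example; the Rails calls named in the comments (cookies[]= with a hash carrying httponly: true, and the session_store configuration) are the real API, but the app they would live in is hypothetical.

```ruby
# Added example (not from the original thread): build Set-Cookie headers the
# way a Rails app emits them, and audit a response's Set-Cookie headers for
# cookies that lack HttpOnly. Pure Ruby; no Rails or Rack required.

# Render a cookie into a Set-Cookie header value. This mirrors what Rails'
# cookie jar does for cookies[:name] = { value: v, httponly: true } (HttpOnly
# appended) versus cookies[:name] = v (no HttpOnly, no Secure).
def build_set_cookie(name, value, path: '/', secure: false, httponly: false)
  parts = ["#{name}=#{value}", "path=#{path}"]
  parts << 'secure' if secure
  parts << 'HttpOnly' if httponly
  parts.join('; ')
end

# Parse one Set-Cookie header value into its name, value and attributes.
# Attribute names are case-insensitive (RFC 6265), so they are downcased;
# flag attributes with no "=" (HttpOnly, Secure) are stored as true.
def parse_set_cookie(header)
  name_value, *attrs = header.split(';').map(&:strip)
  name, value = name_value.split('=', 2)
  attributes = {}
  attrs.each do |attr|
    key, val = attr.split('=', 2)
    attributes[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attributes: attributes }
end

# Names of the cookies in the given Set-Cookie headers that lack HttpOnly.
# This is the check a survey of HttpOnly deployment would run per response.
def cookies_missing_httponly(set_cookie_headers)
  set_cookie_headers.map { |h| parse_set_cookie(h) }
                    .reject { |c| c[:attributes].key?('httponly') }
                    .map { |c| c[:name] }
end

# Constructed sample response headers (hypothetical app "myapp"):
#  - the Rails session cookie, which the cookie store emits with HttpOnly
#    by default (config.session_store :cookie_store, key: '_myapp_session'),
#  - a hand-rolled remember_token set via cookies[:remember_token] = token,
#    which gets no HttpOnly because the app did not ask for it,
#  - a theme cookie set with { value: 'dark', secure: true, httponly: true }.
SAMPLE_HEADERS = [
  build_set_cookie('_myapp_session', 'opaque-session-value', httponly: true),
  build_set_cookie('remember_token', '9f2d1c0b') + '; expires=Thu, 01 Jan 2026 00:00:00 GMT',
  build_set_cookie('theme', 'dark', secure: true, httponly: true),
].freeze

if __FILE__ == $PROGRAM_NAME
  missing = cookies_missing_httponly(SAMPLE_HEADERS)
  if missing.empty?
    puts 'all cookies carry HttpOnly'
  else
    puts "cookies missing HttpOnly: #{missing.join(', ')}"
  end
end
```

Run against a real response, feed `cookies_missing_httponly` every Set-Cookie header from the response (there is usually more than one, and they must not be joined with commas, since `expires` values contain commas). Note that the check only tells you whether the attribute was sent; a cookie that does not need to be readable from JavaScript should carry it, and on Rails that means passing `httponly: true` for every cookie you set yourself.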