On Apr 17, 7:54 am, Yuchen Zhou <[email protected]> wrote: > Hi all, > > I am a security researcher at University of Virginia, I am currently > doing research on HTTP-only cookie deployment. May I ask do ruby on > rails support HTTP-only cookies, if yes, what is the default > configuration for ruby on rails? In other words, do the HTTP servers > need to set HTTP-only manually or it applies automatically? >
Session cookies have been http-only by default for a while. If you create extra cookies by yourself then it's up to you to decide whether you want them http-only or not. Fred > Many thanks in advance, > > Yuchen > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/rubyonrails-talk?hl=en. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

