On Apr 17, 7:54 am, Yuchen Zhou <[email protected]> wrote:
> Hi all,
>
> I am a security researcher at University of Virginia, I am currently
> doing research on HTTP-only cookie deployment. May I ask do ruby on
> rails support HTTP-only cookies, if yes, what is the default
> configuration for ruby on rails? In other words, do the HTTP servers
> need to set HTTP-only manually or it applies automatically?
>

Session cookies have been http-only by default for a while. If you
create extra cookies by yourself then it's up to you to decide whether
you want them http-only or not.

Fred
> Many thanks in advance,
>
> Yuchen
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group 
> athttp://groups.google.com/group/rubyonrails-talk?hl=en.

-- 
You received this message because you are subscribed to the Google Groups "Ruby 
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/rubyonrails-talk?hl=en.

Reply via email to