How do I set the session cookie's HttpOnly setting to false?

ruby-on-rails session cookies httponly
kingjeffrey picture kingjeffrey · Apr 21, 2010 · Viewed 8k times · Source

In Ruby on Rails, how do I set the session cookie's httpOnly setting to false?

Answer

troelskn picture troelskn · Jul 12, 2013

In Rails 4, you need to edit config/initializers/session_store.rb

Rails.application.config.session_store(
  :cookie_store,
  key: '_socializus_session',
  httponly: false,
)

Related questions

Rails sessions current practices

Anyone have any "best practices" tips for Rails and sessions? The default session type for Rails 3 is still CookieStore, right? I used SqlSessionStore for a while and it worked well, but I may move away from that in favor of …

Read More
What does Rails 3 session_store domain :all really do?

Updated question to make it more clear I understand that you can set the domain of your session_store to share sessions between subdomains like this: Rails.application.config.session_store :cookie_store, :key => '_my_key', :domain => "…

Read More
Cookies vs Sessions with CookieStore

In Rails 3, what is the difference between storing data in a cookie and storing data in a session, with the session store set to the default of CookieStore? e.g. cookie[:foo] = 'bar' # MyApp::Application.config.session_store :cookie_store, …

Read More