#150 new
Jurand

Security improvement

Reported by Jurand | October 3rd, 2009 @ 06:26 PM

Currently, there is no way to set the "SECURE" and "HTTPONLY" flags on Authlogic's session cookie. To do this I had to monkey patch the Authlogic plugin. Such a feature will be very handy. Below is my monkey patch:

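module Authlogic
  module Session
    module Cookies
      module InstanceMethods
        # Overrides Authlogic's save_cookie so the credentials cookie is
        # always written with the Secure and HttpOnly flags.
        def save_cookie
          controller.cookies[cookie_key] = {
            :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
            :expires => remember_me_until,
            :domain => controller.cookie_domain,
            :secure => true,    # only sent over HTTPS
            :httponly => true   # not readable from client-side script
          }
        end
      end
    end
  end
end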
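
An added example, not part of the original ticket or Authlogic's own code: a small Ruby check that inspects `Set-Cookie` headers and reports whether the credentials cookie carries the Secure and HttpOnly attributes the patch above sets. The cookie name `user_credentials`, the other cookie name and the header strings are constructed sample values.

```ruby
# Attributes the ticket asks for, compared case-insensitively.
REQUIRED_FLAGS = %w[secure httponly].freeze

# Parse one Set-Cookie header value into [name, value, attributes].
# Attribute names are downcased; valueless attributes map to true.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip).reject(&:empty?)
  return nil if pair.nil? || !pair.include?("=")
  name, value = pair.split("=", 2)
  attributes = {}
  attrs.each do |attr|
    key, val = attr.split("=", 2)
    attributes[key.strip.downcase] = val.nil? ? true : val.strip
  end
  [name.strip, value, attributes]
end

# Return { cookie_name => [missing flags] } for the named cookies only.
# If a cookie is set more than once, a flag missing in any copy is reported.
def missing_cookie_flags(set_cookie_headers, cookie_names)
  report = {}
  set_cookie_headers.each do |header|
    name, _value, attributes = parse_set_cookie(header)
    next unless name && cookie_names.include?(name)
    missing = REQUIRED_FLAGS.reject { |flag| attributes.key?(flag) }
    report[name] = ((report[name] || []) + missing).uniq
  end
  report
end

# Constructed sample responses: the cookie without and with the two flags.
BEFORE_PATCH = [
  "user_credentials=abc123::42; domain=.example.com; path=/; expires=Sun, 03-Jan-2010 18:26:00 GMT",
  "_app_session=deadbeef; path=/; HttpOnly"
].freeze
AFTER_PATCH = [
  "user_credentials=abc123::42; domain=.example.com; path=/; expires=Sun, 03-Jan-2010 18:26:00 GMT; secure; HttpOnly"
].freeze

if __FILE__ == $PROGRAM_NAME
  p missing_cookie_flags(BEFORE_PATCH, ["user_credentials"])
  p missing_cookie_flags(AFTER_PATCH, ["user_credentials"])
end
```
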
