Security improvement
Reported by Jurand | October 3rd, 2009 @ 06:26 PM
Currently, there is no possibility to set "SECURE" and "HTTPONLY" flags to Authlogic's session cookie. To do this I had to monkey patch Authlogic plugin. Such a feature will be very handy. Below is my monkey patch:
module Authlogic
module Session
module Cookies
module InstanceMethods
def save_cookie
controller.cookies[cookie_key] = {
:value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
:expires => remember_me_until,
:domain => controller.cookie_domain,
:secure => true,
:httponly => true
}
end
end
end
end end
Comments and changes to this ticket
-
Peter Lyons November 15th, 2010 @ 11:53 PM
- Milestone order changed from “0” to “0”
Any update on this over a year later? I have this exact same need. Jurand, could you tell me exactly where you inserted that monkey patch code?
-
David Reese November 15th, 2010 @ 11:58 PM
Peter, just add it as a file in the config/initializers/ directory. (generally a great place for monkey patches!) It will get picked up & monkey-patches correctly from there.
-
David Reese November 15th, 2010 @ 11:59 PM
Ah, and I did one of these:
:secure => RAILS_ENV == 'production'
which makes things easier in development
-
Peter Lyons November 16th, 2010 @ 12:27 AM
Thanks for the tips, David. I was able to get it working! On the same note, any idea how to set these same 2 flags for the main rails session cookie?
-
Dorothy145 December 25th, 2018 @ 04:54 AM
Thank you for sharing article and information. this is very helpful for beginner. mybkexperience
-
Bryan Anderson December 27th, 2018 @ 05:19 AM
Very well compiled post. it is very informative SpotsinBlogs
-
George Oliver January 7th, 2019 @ 12:43 AM
very well written Post Thanks for the information
https://hiretablets.co.uk/ -
umesh January 7th, 2019 @ 09:05 AM
There comes a time in our life in which one of our daily use appliance has to be replaced, whether it is a microwave, oven, kitchen stove and even our beloved water heater.
-
Andrew Piana March 5th, 2019 @ 12:56 AM
Thank you for sharing article and information. this is very helpful for beginner. mybkexperience
link -
-
-
-
hendry March 21st, 2019 @ 05:54 AM
The security improvement the Authlogic session cookies are used for the best cable provider flag on purpose. For doing this monkey patch feature is used here. The module wise cookie code is used for this purpose.By going through this we get the idea.
-
khurasheed March 25th, 2019 @ 02:16 AM
There is some topic as security improvement on the site but there is nothing descriptive about the topic here. Would you mind giving assignment help uk review today? It would be great if some adds some info about the exact topic here for users to understand what it is all about because there are no pictures, videos or anything else for us to know.
-
mohit4sona March 25th, 2019 @ 08:00 AM
You are totally right. This post actually made my day. You can not imagine just how much time I
had spent for this info! Thanks!
https://www.viraltrench.com/best-free-sports-streaming-sites/ -
-
mefixogebe May 1st, 2019 @ 11:23 PM
You are thoroughly right. This post really filled my heart with joy. You can not envision exactly how much time I had spent for this information! Much obliged!
https://getmyoffercapital.xyz/
https://myestub.online/ -
-
john smith May 10th, 2019 @ 07:26 AM
thanks for the awesome tips
https://www.mygiftcardsitesx.com/
https://www.mysubwaycardx.com/ -
huja May 14th, 2019 @ 02:56 AM
You are absolutely right. This post really filled my heart with joy. You can not envision exactly how much time I
had spent for this information! Much obliged!mypremiercreditcard
rte rajasthan -
minianna1234567 June 11th, 2019 @ 01:01 AM
The information you shared with us is very interesting, thank you very much.
stick rpg 2
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.
Ben Johnson
David Reese