#150 new
Jurand

Security improvement

Reported by Jurand | October 3rd, 2009 @ 06:26 PM

Currently, there is no possibility to set "SECURE" and "HTTPONLY" flags to Authlogic's session cookie. To do this I had to monkey patch Authlogic plugin. Such a feature will be very handy. Below is my monkey patch:

module Authlogic
module Session module Cookies module InstanceMethods def save_cookie controller.cookies[cookie_key] = { :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}", :expires => remember_me_until, :domain => controller.cookie_domain, :secure => true, :httponly => true } end end end end end

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket

Tags

Pages