Created
January 3, 2010 19:57
Gist: boone/268107
```ruby
# Monkey patch that lets Authlogic's *_credentials cookies set the HttpOnly bit.
# Put this file in config/initializers/authlogic.rb and set the value after
# instantiating your session model, e.g.
#   @user_session = UserSession.new(params[:user_session])
#   @user_session.httponly = true
module Authlogic
  module Session
    module Cookies
      module Config
        # If the cookie should have the HttpOnly value set.
        #
        # * <tt>Default:</tt> false
        # * <tt>Accepts:</tt> Boolean
        def httponly(value = nil)
          rw_config(:httponly, value, false)
        end
        alias_method :httponly=, :httponly
      end

      module InstanceMethods
        # Is the cookie set using the HttpOnly value?
        # Falls back to the class-level setting when no instance value was given.
        def httponly
          return @httponly if defined?(@httponly)
          @httponly = self.class.httponly
        end

        # Accepts a boolean as a flag to set httponly or not.
        def httponly=(value)
          @httponly = value
        end

        # See httponly
        def httponly?
          httponly == true || httponly == "true" || httponly == "1"
        end

        private

        # Replaces Authlogic's save_cookie so the credentials cookie is
        # written with the :httponly option.
        def save_cookie
          controller.cookies[cookie_key] = {
            :value => "#{record.persistence_token}::#{record.send(record.class.primary_key)}",
            :expires => remember_me_until,
            :domain => controller.cookie_domain,
            :httponly => httponly
          }
        end
      end
    end
  end
end
```
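One way to confirm the patch took effect is to audit the Set-Cookie headers of a login response for `*_credentials` cookies that lack HttpOnly. The following is an added example, not part of the original gist; the function names and sample header values are constructed for illustration.

```ruby
# Added example: flag Authlogic credentials cookies sent without HttpOnly.
# Function names are hypothetical; sample headers are constructed, not captured.

CREDENTIALS_COOKIE = /\A\w+_credentials\z/

# Constructed sample Set-Cookie header values (Rails URL-encodes "::" as %3A%3A).
SAMPLE_HEADERS = [
  "user_credentials=0123abcd%3A%3A42; path=/; expires=Thu, 01 Jan 2026 00:00:00 GMT; HttpOnly",
  "admin_credentials=89efcdab%3A%3A7; path=/; expires=Thu, 01 Jan 2026 00:00:00 GMT",
  "account_credentials=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT",
  "_app_session=deadbeef; path=/; httponly"
].freeze

# Split one Set-Cookie value into its name, value and lower-cased attributes.
# Valueless attributes such as HttpOnly are stored as true.
def parse_set_cookie(header)
  pair, *attrs = header.to_s.split(";").map(&:strip).reject(&:empty?)
  name, value = pair.to_s.split("=", 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    key, val = attr.split("=", 2)
    acc[key.downcase] = val.nil? ? true : val
  end
  { name: name.to_s, value: value.to_s, attributes: attributes }
end

# Names of credentials cookies that carry a token but no HttpOnly attribute.
# Deletion headers (empty value) are skipped: they hold nothing to protect.
def credentials_missing_httponly(set_cookie_headers)
  set_cookie_headers
    .map { |header| parse_set_cookie(header) }
    .select { |cookie| CREDENTIALS_COOKIE.match?(cookie[:name]) }
    .reject { |cookie| cookie[:value].empty? }
    .reject { |cookie| cookie[:attributes].key?("httponly") }
    .map { |cookie| cookie[:name] }
end

if __FILE__ == $PROGRAM_NAME
  missing = credentials_missing_httponly(SAMPLE_HEADERS)
  puts missing.empty? ? "all credentials cookies are HttpOnly" : "missing HttpOnly: #{missing.join(', ')}"
end
```

In a functional or integration test, pass the response's Set-Cookie values to `credentials_missing_httponly` and assert that the result is empty.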