Skip to content

Secure and httponly options on cookie.

Ramya Authappan requested to merge github/fork/dosire/cookie_secure_setting into master

Created by: dosire

If administrators enable config.force_ssl this code automatically tells clients to only send cookies over SSL, improving security by complying with OWASP recommendations: https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-Use.22Secure.22_Cookie_Flag

If config.force_ssl is not set there will be no effect.

Merge request reports

Loading