In my rails app, I am using a cookie called user_session
user can access my rails app using https or http they can configure it.
Problem user_session cookie is set to http only but I want to make it as secure too.
If user access my app using http then the cookie will be in http only if he is using https then it will be set as secure cookie. I don't want to use 2 different cookies.
Configuration:
SampleApp::Application.config.session_store :cookie_store, key: '_user_session'
If I force :secure => true
then this cookie is not available for the users who are all accessing in http request.
If any other details required please comment it out.
Aucun commentaire:
Enregistrer un commentaire