From 2a12765933b4784741daea4e4a04f4f95915478d Mon Sep 17 00:00:00 2001 From: cktricky Date: Fri, 27 Jun 2014 12:05:50 -0400 Subject: [PATCH] slight change to make our cookie even more insecure --- config/initializers/session_store.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 4d6474a..045db16 100755 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,6 +1,6 @@ # Be sure to restart your server when you modify this file. -Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session' +Railsgoat::Application.config.session_store :cookie_store, key: '_railsgoat_session', httponly: false # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information