How do I set the session cookie's HttpOnly setting to false?
In Rails 4, you need to edit config/initializers/session_store.rb
Rails.application.config.session_store(
:cookie_store,
key: '_socializus_session',
httponly: false,
)
I figured this out. In /config/environment.rb
include this code:
config.action_controller.session = {
:httponly => false
}
This is how i did it with Rails 3:
Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false