How do I set the session cookie's HttpOnly setting to false?

In Rails 4, you need to edit config/initializers/session_store.rb

Rails.application.config.session_store(
  :cookie_store,
  key: '_socializus_session',
  httponly: false,
)

I figured this out. In /config/environment.rb include this code:

  config.action_controller.session = {
    :httponly => false
  }

This is how i did it with Rails 3:

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false

Tags:

Ruby On Rails

Cookies

Session

Httponly

Recent Posts