Session IDs being created for non-SSL access

chrisboyle / cbn

Rails 2.x project for my own site

http://chris.boyle.name/projects/cbn

MIT License

1 stars 0 forks source link

Session IDs being created for non-SSL access #25

Closed chrisboyle closed 14 years ago

chrisboyle commented 14 years ago

This app uses secure sessions, i.e. the session cookie has the secure flag set and will only be sent over SSL, but I'm still seeing pointless Set-Cookie headers for the session when I make a non-SSL request.

chrisboyle commented 14 years ago

Fixed by commit 6f6b2f950fc6f21aaeb073e410d7b96552401f1f.