secure_cookies_exist is missing an expiry

chrisboyle / cbn

Rails 2.x project for my own site

http://chris.boyle.name/projects/cbn

MIT License

1 stars 0 forks source link

secure_cookies_exist is missing an expiry #40

Closed chrisboyle closed 14 years ago

chrisboyle commented 14 years ago

The cookie "secure_cookies_exist" is supposed to cause a redirect to https so that secure (session/auth) cookies will be sent. Unfortunately it's missing an expiry time, making it a (browser-)session cookie, meaning that after the browser is closed and re-opened, the user is still signed in, but won't appear to be so until they browse to https of their own accord.

chrisboyle commented 14 years ago

Fixed by commit 3eb4fd526640736647816b293eb9ae86f63d83aa.