session cookie httponly false rails 3.1(session cookie httponly false rails 3.1)

session cookie httponly false rails 3.1(session cookie httponly false rails 3.1)

我正试图关闭httponly以用于phonegap。 我正在使用rails 3.1和devise，每个都报告（但没有记录）这样做的方法，其中没有一个工作：

# application.rb config.session_options = { :httponly => false } # no effect config.session = { :httponly => false } # undefined method `session=' # devise.rb config.cookie_options = { :httponly => false } # also no effect

测试我重新启动服务器，删除现有的cookie，并重新加载页面。 仍然在chrome调试器中检查了“Http”列。

帮帮我！

I'm trying to turn httponly off for use in phonegap. I'm useing rails 3.1 and devise, each of which have reported (but not documented) ways of doing this, none of which work:

# application.rb config.session_options = { :httponly => false } # no effect config.session = { :httponly => false } # undefined method `session=' # devise.rb config.cookie_options = { :httponly => false } # also no effect

to test I restarted the server, deleted the existing cookie, and reloaded the page. 'Http' column was still checked in the chrome debugger.

help!

最满意答案

这个小片段似乎有用：

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false

This little snippet seems to work :

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false