Sign the auth token cookie and make it httpOnly

2025-09-06 10:50:21 +08:00 · 2013-02-20 17:24:19 -05:00 · 2013-02-20 17:24:19 -05:00 · 5616fdc475
commit 5616fdc475
parent e914222cb3
3 changed files with 4 additions and 4 deletions
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@ -38,7 +38,7 @@ describe SessionController do
        end

        it 'sets a cookie with the auth token' do
-          cookies[:_t].should == user.auth_token
+          cookies.signed[:_t].should == user.auth_token
        end
      end