Merge pull request #215 from tms/auth-token-changes

Sign the auth token cookie and make it httpOnly

spec/controllers/session_controller_spec.rb

@@ -38,7 +38,7 @@ describe SessionController do
         end
 
         it 'sets a cookie with the auth token' do
-          cookies[:_t].should == user.auth_token
+          cookies.signed[:_t].should == user.auth_token
         end
       end