Sign the auth token cookie and make it httpOnly

2025-02-25 18:55:32 -06:00 · 2013-02-20 17:24:19 -05:00
parent e914222cb3
commit 5616fdc475
3 changed files with 4 additions and 4 deletions
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -38,7 +38,7 @@ describe SessionController do
        end

        it 'sets a cookie with the auth token' do
-          cookies[:_t].should == user.auth_token
+          cookies.signed[:_t].should == user.auth_token
        end
      end