In a Rails controller, I can set a cookie like this: cookies[:foo] = bar

Question

0

Asked: May 17, 20262026-05-17T00:17:33+00:00 2026-05-17T00:17:33+00:00

In a Rails controller, I can set a cookie like this: cookies[:foo] = bar

0

In a Rails controller, I can set a cookie like this:

cookies[:foo] = "bar"

And specify that the “secure” (https-only) flag be on like this:

cookies[:foo, :secure => true] = "bar"

:secure is false by default. How can I have cookies be secure by default, application-wide?

This is on Rails 2.3.8

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T00:17:33+00:00

Editorial Team

2026-05-17T00:17:33+00:00Added an answer on May 17, 2026 at 12:17 am

Thanks @knx, you sent me down the right path. Here’s the monkeypatch I came up with, which seems to be working:

class ActionController::Response
  def set_cookie_with_security(key, value)
    value = { :value => value } if Hash != value.class
    value[:secure] = true
    set_cookie_without_security(key, value)
  end
  alias_method_chain :set_cookie, :security
end

What do you think?

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

In a Rails controller, I can set a cookie like this: cookies[:foo] = bar

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply