There is a Rails project. It works on https ( config.force_ssl = true ) and is located on a subdomain.

I need a cookie on the main domain and all its subdomains, ssl is only on where the cookie is created.

So I create a cookie:

cookies.permanent[:my_uid] = { value: @user.id, domain: :all, secure: false }

And here is what my browser writes about this cookie:

enter image description here

Because force_ssl: true , the cookie secure: false flag is ignored. How to avoid it?

  • Maybe this is an old cook? If you bang it beforehand, will it be the same? - D-side
  • killed and created a new, still protected - dluhhbiu

0