Commit 43b0357a

mo khan <mo@mokhan.ca>
2014-08-14 04:00:34
make cookie secure and expire in 2 weeks.
1 parent 120b341
Changed files (2)
app/controllers/sessions_controller.rb
@@ -6,7 +6,12 @@ class SessionsController < ApplicationController
   def create
     if @session = UserSession.login(session_params[:username], session_params[:password])
       @session.access(request)
-      cookies.signed[:cookie_monster] = @session.key
+      cookies.signed[:cookie_monster] = {
+        value: @session.key,
+        secure: Rails.env.production? || Rails.env.staging?,
+        httponly: true,
+        expires: 2.weeks.from_now,
+      }
       redirect_to my_dashboard_path
     else
       flash[:error] = "invalid credentials"
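Review bot: The `expires: 2.weeks.from_now` set on `cookies.signed[:cookie_monster]` only tells the browser when to discard the cookie; nothing in this hunk bounds the lifetime of `@session.key` on the server, so a copied cookie value would presumably still be accepted after two weeks. The code that resolves the cookie back to a `UserSession` is outside this diff, so confirm it rejects stale records, for example with a condition like `where('accessed_at > ?', 2.weeks.ago)` on the lookup. Separately, `secure: Rails.env.production? || Rails.env.staging?` is an allow-list of environment names, so any other deployed environment silently gets a cookie without the Secure flag. Inverting it to `secure: !(Rails.env.development? || Rails.env.test?)` fails safe. The `create` action continues past the end of the hunk.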
app/models/user_session.rb
@@ -10,8 +10,8 @@ class UserSession < ActiveRecord::Base
 
   def access(request)
     self.accessed_at = Time.now
-    self.ip          = request.ip
-    self.user_agent  = request.user_agent
+    self.ip = request.ip
+    self.user_agent = request.user_agent
     save
   end