Use http-only cookie for session

2016-08-02 23:41:45 -04:00 · 2016-08-02 23:41:45 -04:00 · 0b92a7fd6c
commit 0b92a7fd6c
parent e5a9035a61
1 changed files with 1 additions and 1 deletions
--- a/src/kemal/session.cr
+++ b/src/kemal/session.cr
@ -73,7 +73,7 @@ module Kemal
        id = SecureRandom.hex
      end

-      ctx.response.cookies[NAME] = id
+      ctx.response.cookies << HTTP::Cookie.new(name: NAME, value: id, http_only: true)
      @id = id
    end