Posted 24 days ago. Visible to the public. Linked content. Auto-destruct in 36 days

Updated: New Gem safe_cookies: Have your cookies as secure and HttpOnly as possible

Card is now deprecated and on auto-destruct.

The gem is no longer maintained, because flagging Secure is irrelevant when using HSTS.

Also, IE11 received HSTS support in 2015 so there is really no reason any more.

Note that security audits may still request Secure cookies. Don't try to discuss the sense of this requirement with them, just make them happy.

Once an application no longer requires constant development, it needs periodic maintenance for stable and secure operation. makandra offers monthly maintenance contracts that let you focus on your business while we make sure the lights stay on.

Owner of this card:

Arne Hartherz
Last edit:
24 days ago
by Arne Hartherz
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Arne Hartherz to makandra dev
This website uses cookies to improve usability and analyze traffic.
Accept or learn more