Notes posted by thecec

RSS feed
July 2, 2011 - (<= v3.0.9)
0 thanks

Available Options and their meaning

key

Name of the cookie for the session

secure

If true, session cookie is sent only to https hosts. This protects your app from session hijacking ( remember firesheep? )

expire_after

Self explanatory (e.g. 60.minutes)

domain

To which domain the cookie declares to be for

This very good post shows how to use :domain and :key to implement single-sign-on: http://itshouldbeuseful.wordpress.com/2011/02/02/rails-authlogic-and-single-sign-on/