In a Rails controller, I can set a cookie like this:
cookies[:foo] = "bar"
And specify that the "secure" (https-only) flag be on like this:
You should look at the rack-ssl-enforcer gem. I was just looking for a clean answer to this and it solves the problem independent of which version of Rails you're on, plus it's extremely configurable.
# session only available over HTTPS
ActionController::Base.session_options[:secure] = true
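
Setting the flag at the Rack layer is one way to make it independent of the Rails version, as the gem recommendation above aims for. The following is an added example, not code from rack-ssl-enforcer or from either answer; the class name ForceSecureCookies and the sample app are assumptions made for illustration.

```ruby
# Added example: hypothetical Rack middleware that marks every outgoing
# cookie as Secure. Plain Ruby, no gems required to run it.
class ForceSecureCookies
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Header name case differs between Rack versions, so match case-insensitively.
    key = headers.keys.find { |k| k.to_s.casecmp?("set-cookie") }
    headers[key] = harden(headers[key]) if key
    [status, headers, body]
  end

  # Rack 2 joins several cookies with "\n" in one String; Rack 3 may use an Array.
  def harden(value)
    return value.map { |c| secure(c) } if value.is_a?(Array)
    value.to_s.split("\n").map { |c| secure(c) }.join("\n")
  end

  # Append "; secure" unless the attribute is already present.
  # The first segment is name=value, so only the attributes after it are checked.
  def secure(cookie)
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    attrs.include?("secure") ? cookie : "#{cookie}; secure"
  end
end

# Constructed sample app standing in for a Rails application: one cookie
# without the flag, one that already carries it.
SAMPLE_APP = lambda do |_env|
  cookies = "foo=bar; path=/\n_session=abc; path=/; HttpOnly; Secure"
  [200, { "Set-Cookie" => cookies }, ["ok"]]
end

def sample_set_cookie
  _status, headers, _body = ForceSecureCookies.new(SAMPLE_APP).call({})
  headers["Set-Cookie"]
end
```

In a Rails application a middleware like this is registered with `config.middleware.use ForceSecureCookies`; a browser then sends the cookie back only over HTTPS, so the site must actually be served over TLS.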