I am a security researcher at University of Virginia, I am currently
doing research on HTTP-only cookie deployment. May I ask do ruby on
rails support HTTP-only cookies, if yes, what is the default
configuration for ruby on rails? In other words, do the HTTP servers
need to set HTTP-only manually or it applies automatically?
Many thanks in advance,