ActionController::Base.session_options[:secure] = true
and now my app sets a different session_id cookie on every request to a
non ssl page, making the session useless.
If my session_id cookie is set by a request to a https page, and I stay
on https pages, my session_id cookie persists and I can see my session
If I navigate to an unencrypted page, my session_id gets reset and I
lose access to all my session data.
Is this how it's supposed to work? Is there a way to bounce back and
forth between http and https pages without resetting the session_id
cookie, and still only set the cookie securely.
Is there a way to only pass the session_id over ssl, but have the rest
of the page be unencrypted?