At least when using session cookies (but I suspect this is the same with all cookie stores), Rails sends the Set-Cookie header in each response. Is that really necessary if the cookie value does not change? Are there any considerations for secure or httponly cookies?
My cookies contain information about the user that's logged in and sometimes couple other pieces of information. Overall, they are read / used on every request, but rarely changed. So why does Rails have to send the session cookie back if the value is exactly the same as the session cookie it received?
In a related question, I'm using Rails 3.1 currently and I can't figure out how I could prevent cookie from being sent back if the value hasn't changed. I'm assuming some patch to cookie jar. Any ideas?