At least when using session cookies (but I suspect this is the same
with all cookie stores), Rails sends the Set-Cookie header in each
response. Is that really necessary if the cookie value does not
change? Are there any considerations for secure or httponly cookies?
My cookies contain information about the user that's logged in and
sometimes couple other pieces of information. Overall, they are read /
used on every request, but rarely changed. So why does Rails have to
send the session cookie back if the value is exactly the same as the
session cookie it received?
In a related question, I'm using Rails 3.1 currently and I can't
figure out how I could prevent cookie from being sent back if the
value hasn't changed. I'm assuming some patch to cookie jar. Any ideas?