How do I set the session cookie's HttpOnly setting to false?

In Rails 4, you need to edit config/initializers/session_store.rb

Rails.application.config.session_store(  :cookie_store,  key: '_socializus_session',  httponly: false,)

ruby-on-rails session cookies httponly

This is how i did it with Rails 3:

Testapp::Application.config.session_store :cookie_store, key: '_testapp_session', :domain => :all, :httponly => false

ruby-on-rails session cookies httponly

I figured this out. In /config/environment.rb include this code:

  config.action_controller.session = {    :httponly => false  }

CodeHunter