Thanks for the patch.
I did a smal modifycation that uses the rails configuration.
class CGI::Cookie
alias :original_initializer :initialize
def initialize(name = ”, *value)
http_only = Rails.configuration.action_controller[:session][:session_http_only].nil? ? true : Rails.configuration.action_controller[:session][:session_http_only]
if name.kind_of?(String)
original_initializer({‘name’ => name, ‘value’ => value, ‘http_only’ => http_only})
else
original_initializer(name.merge({‘http_only’ => http_only}))
end
end
end