From 1b43cb520382d475a08a739993c3432334aa6766 Mon Sep 17 00:00:00 2001
From: JamesFerguson <james.ferguson7@gmail.com>
Date: Wed, 22 Dec 2010 16:04:54 +1100
Subject: [PATCH] Added assertion testing that remember_user_token cookie is
 flagged as HttpOnly.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: José Valim <jose.valim@gmail.com>
---
 test/integration/rememberable_test.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/integration/rememberable_test.rb b/test/integration/rememberable_test.rb
index 858fc58c..62e33ecc 100644
--- a/test/integration/rememberable_test.rb
+++ b/test/integration/rememberable_test.rb
@@ -69,6 +69,7 @@ class RememberMeTest < ActionController::IntegrationTest
     assert_response :success
     assert warden.authenticated?(:user)
     assert warden.user(:user) == user
+    assert_match /remember_user_token[^\n]*HttpOnly\n/, response.headers["Set-Cookie"], "Expected Set-Cookie header in response to set HttpOnly flag on remember_user_token cookie."
   end
 
   test 'does not extend remember period through sign in' do
@@ -176,4 +177,4 @@ class RememberMeTest < ActionController::IntegrationTest
     get users_path
     assert_not warden.authenticated?(:user)
   end
-end
\ No newline at end of file
+end