stevepolitodesign · gdurelle · Sep 30, 2022 · stevepolitodesign · Mar 17, 2023
diff --git a/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt b/lib/generators/rails_mvp_authentication/templates/authentication.rb.tt
@@ -35,7 +35,7 @@ module Authentication
   end
 
   def remember(active_session)
-    cookies.permanent.encrypted[:remember_token] = active_session.remember_token
+    cookies.permanent.encrypted[:remember_token] = { value: active_session.remember_token, httponly: true, same_site: :strict, secure: true }
 test "should remember user when logging in" do 
   assert_nil cookies[:remember_token] 
   post login_path, params: { 
     user: { 
       email: @confirmed_user.email, 
       password: @confirmed_user.password, 
       remember_me: 1 
     } 
   } 
   assert_not_nil current_user 
   assert_not_nil cookies[:remember_token] 
 end 
 test "should remember user when logging in" do 
   assert_nil cookies[:remember_token] 
  
   post login_path, params: { 
     user: { 
       email: @confirmed_user.email, 
       password: @confirmed_user.password, 
       remember_me: 1 
     } 
   } 
  
   assert_not_nil current_user 
   assert_not_nil cookies[:remember_token] 
 end 
   end
 
   private
@@ -44,7 +44,7 @@ module Authentication
     Current.user = if session[:current_active_session_id].present?
       ActiveSession.find_by(id: session[:current_active_session_id])&.user
     elsif cookies.permanent.encrypted[:remember_token].present?
-      ActiveSession.find_by(remember_token: cookies.permanent.encrypted[:remember_token])&.user
+      ActiveSession.find_by(remember_token: cookies.permanent.encrypted[:remember_token].value)&.user
     end
   end
 
@@ -55,4 +55,4 @@ module Authentication
   def store_location
     session[:user_return_to] = request.original_url if request.get? && request.local?
   end
-end
+end