Forcing Secure Cookies Behind an ELB in Ruby/Rails

2019-04-30

As part of general security good practices, you should always (whenever possible):

use HTTPS to serve all requests
serve redirects to upgrade HTTP requests to HTTPS
set session cookies to secure and http_only
enable HTTP Strict Transport Security (HSTS)