Rails 3 - secure cookie

Czy standardowo w Rails 3 cookie są “secure” czy też trzeba bawić się w takie tricki?

[quote]MyApp::Application.config.session_store :cookie_store, :key => ‘_my_app_session’,
:secure => Rails.env == ‘production’, # Only send cookie over SSL when in production mode
:httponly => true, # Don’t allow Javascript to access the cookie (mitigates cookie-based XSS exploits)
:expire_after => 60.minutes[/quote]