Commit 2ff36e74eba44b7a972fdb21774f45a27492e69e
Exists in master and in 4 other branches
Merge pull request #1564 from dosire/cookie_secure_setting
Secure and httponly options on cookie.
Showing 1 changed file with 3 additions and 1 deletions
config/initializers/session_store.rb
1 | # Be sure to restart your server when you modify this file. | 1 | # Be sure to restart your server when you modify this file. |
2 | 2 | ||
3 | -Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' | 3 | +Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session', |
4 | + secure: Gitlab::Application.config.force_ssl, | ||
5 | + httponly: true | ||
4 | 6 | ||
5 | # Use the database for sessions instead of the cookie-based default, | 7 | # Use the database for sessions instead of the cookie-based default, |
6 | # which shouldn't be used to store highly confidential information | 8 | # which shouldn't be used to store highly confidential information |
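Review bot: on the added `secure:` line, the Secure flag is taken from `Gitlab::Application.config.force_ssl`, so whenever that setting is false or unset the `_gitlab_session` cookie is still issued without Secure, even if the instance is in fact reached over HTTPS. Either document next to these options that `force_ssl` must be enabled for the cookie to be marked Secure, or drive `secure:` from a setting that reflects whether the site is served over HTTPS. A one-line comment above `secure:` and `httponly: true` stating what each flag protects against would also help the next reader of this initializer.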