Commit a58d3112620a62240c5f98f1cc0111e89de6b543
1 parent 8ec95642
Exists in master and in 4 other branches
Secure and httponly options on cookie.
Showing 1 changed file with 3 additions and 1 deletions
config/initializers/session_store.rb
1 | # Be sure to restart your server when you modify this file. | 1 | # Be sure to restart your server when you modify this file. |
2 | 2 | ||
3 | -Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' | 3 | +Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session', |
4 | + secure: Gitlab::Application.config.force_ssl, | ||
5 | + httponly: true | ||
4 | 6 | ||
5 | # Use the database for sessions instead of the cookie-based default, | 7 | # Use the database for sessions instead of the cookie-based default, |
6 | # which shouldn't be used to store highly confidential information | 8 | # which shouldn't be used to store highly confidential information |
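Review bot: On the added line 4, `secure:` takes its value from `Gitlab::Application.config.force_ssl`, so whenever that setting is false or unset the session cookie is still issued without the Secure flag, including on an install that is reached over HTTPS through a TLS-terminating proxy while `force_ssl` stays off. Please add a comment above the `session_store` call stating that the Secure flag follows `force_ssl` and that the setting has to be enabled for HTTPS deployments, or consider a separate setting for the cookie flag so it can be turned on independently. The value is read when this initializer runs, so the existing "restart your server" comment on line 1 applies to changes of `force_ssl` as well; worth saying so in the same comment. The `httponly: true` line looks fine as written.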