Enable secure option if https is used.

Marin Jankovski
1 parent 73af33e4
Showing 1 changed file with 1 additions and 1 deletions Show diff stats
config/initializers/session_store.rb
@@ -4,7 +4,7 @@ Gitlab::Application.config.session_store(
   :redis_store, # Using the cookie_store would enable session replay attacks.
   servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store
   key: '_gitlab_session',
-  secure: Gitlab::Application.config.force_ssl,
+  secure: Gitlab.config.gitlab.https,
   httponly: true,
   path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
 )
...	...	@@ -4,7 +4,7 @@ Gitlab::Application.config.session_store(
4	4	:redis_store, # Using the cookie_store would enable session replay attacks.
5	5	servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store
6	6	key: '_gitlab_session',
7		- secure: Gitlab::Application.config.force_ssl,
	7	+ secure: Gitlab.config.gitlab.https,
8	8	httponly: true,
9	9	path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
10	10	)
...	...