diff options
author | Marin Jankovski <maxlazio@gmail.com> | 2012-09-26 16:02:31 +0200 |
---|---|---|
committer | Marin Jankovski <maxlazio@gmail.com> | 2012-09-26 16:02:31 +0200 |
commit | a58d3112620a62240c5f98f1cc0111e89de6b543 (patch) | |
tree | b2fa238b3462d937fdc9e0423badb2e9a020c84e | |
parent | 8ec956421c5e94bc2a51e30414d85417c10404b8 (diff) | |
download | gitlab-ce-a58d3112620a62240c5f98f1cc0111e89de6b543.tar.gz |
Secure and httponly options on cookie.
-rw-r--r-- | config/initializers/session_store.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 36c5f4666a7..e777ae2b78d 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' +Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session', + secure: Gitlab::Application.config.force_ssl, + httponly: true # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information |