Merge pull request #1564 from dosire/cookie_secure_setting

Secure and httponly options on cookie.

Merge pull request #1564 from dosire/cookie_secure_setting
2ff36e74 · Dmitriy Zaporozhets · cd9f135a · a58d3112 · 2ff36e74
Commit 2ff36e74 authored 12 years ago by Dmitriy Zaporozhets
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
 # Be sure to restart your server when you modify this file.
  
-Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session'
+Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
+                                                      secure: Gitlab::Application.config.force_ssl,
+                                                      httponly: true
  
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information