Secure and httponly options on cookie. (!1564) · Merge requests · Import/Export Testing Group / gitlabhq_1704157301 · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

Matthias Käppler requested to merge github/fork/dosire/cookie_secure_setting into master Sep 26, 2012

Created by: dosire

If administrators enable config.force_ssl this code automatically tells clients to only send cookies over SSL, improving security by complying with OWASP recommendations: https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-Use.22Secure.22_Cookie_Flag

If config.force_ssl is not set there will be no effect.