Commit 2ff36e74 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge pull request #1564 from dosire/cookie_secure_setting

Secure and httponly options on cookie.
parents cd9f135a a58d3112
# Be sure to restart your server when you modify this file. # Be sure to restart your server when you modify this file.
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
secure: Gitlab::Application.config.force_ssl,
httponly: true
# Use the database for sessions instead of the cookie-based default, # Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information # which shouldn't be used to store highly confidential information
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment