Commit c447a213 authored by Marin Jankovski's avatar Marin Jankovski

Enable secure option if https is used.

parent 73af33e4
...@@ -4,7 +4,7 @@ Gitlab::Application.config.session_store( ...@@ -4,7 +4,7 @@ Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks. :redis_store, # Using the cookie_store would enable session replay attacks.
servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store
key: '_gitlab_session', key: '_gitlab_session',
secure: Gitlab::Application.config.force_ssl, secure: Gitlab.config.gitlab.https,
httponly: true, httponly: true,
path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
) )
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment