Secure and httponly options on cookie.
parent
8ec956421c
commit
a58d311262
|
@ -1,6 +1,8 @@
|
|||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session'
|
||||
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
|
||||
secure: Gitlab::Application.config.force_ssl,
|
||||
httponly: true
|
||||
|
||||
# Use the database for sessions instead of the cookie-based default,
|
||||
# which shouldn't be used to store highly confidential information
|
||||
|
|
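Review bot: The `secure:` flag on the session cookie follows `Gitlab::Application.config.force_ssl`, so an instance that is reached over HTTPS through a TLS-terminating proxy but leaves `force_ssl` unset still issues `_gitlab_session` without the Secure attribute, and the browser will then attach it to any plain-HTTP request to the same host. The value is read once when this initializer loads; I assume that happens after the environment file has set `force_ssl`, but that ordering is worth confirming. I would add a comment above the call along the lines of `# Secure is only set when config.force_ssl is true; enable force_ssl on every HTTPS deployment.` so operators know the two settings are linked. `httponly: true` matches what I understand to be the cookie store's default, so spelling it out is fine as documentation of intent.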