Commit a58d3112 authored by Marin Jankovski's avatar Marin Jankovski

Secure and httponly options on cookie.

parent 8ec95642
# Be sure to restart your server when you modify this file.
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session'
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
secure: Gitlab::Application.config.force_ssl,
httponly: true
# Use the database for sessions instead of the cookie-based default,
# which shouldn't be used to store highly confidential information
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment