diff --git a/development.ini b/development.ini --- a/development.ini +++ b/development.ini @@ -142,6 +142,9 @@ beaker.session.key = rhodecode beaker.session.encrypt_key = g654dcno0-9873jhgfreyu beaker.session.validate_key = 9712sds2212c--zxc123 beaker.session.timeout = 36000 +beaker.session.httponly = true +# uncomment for https secure cookie +beaker.session.secure = false ##auto save the session to not to use .save() beaker.session.auto = False diff --git a/production.ini b/production.ini --- a/production.ini +++ b/production.ini @@ -142,6 +142,9 @@ beaker.session.key = rhodecode beaker.session.encrypt_key = g654dcno0-9873jhgfreyu beaker.session.validate_key = 9712sds2212c--zxc123 beaker.session.timeout = 36000 +beaker.session.httponly = true +# uncomment for https secure cookie +beaker.session.secure = false ##auto save the session to not to use .save() beaker.session.auto = False @@ -255,4 +258,4 @@ datefmt = %Y-%m-%d %H:%M:%S [formatter_color_formatter_sql] class=rhodecode.lib.colored_formatter.ColorFormatterSql format= %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s -datefmt = %Y-%m-%d %H:%M:%S \ No newline at end of file +datefmt = %Y-%m-%d %H:%M:%S diff --git a/rhodecode/config/deployment.ini_tmpl b/rhodecode/config/deployment.ini_tmpl --- a/rhodecode/config/deployment.ini_tmpl +++ b/rhodecode/config/deployment.ini_tmpl @@ -142,13 +142,17 @@ beaker.session.key = rhodecode beaker.session.encrypt_key = ${app_instance_secret} beaker.session.validate_key = ${app_instance_secret} beaker.session.timeout = 36000 +beaker.session.httponly = true +# uncomment for https secure cookie +beaker.session.secure = false ##auto save the session to not to use .save() beaker.session.auto = False ##true exire at browser close #beaker.session.cookie_expires = 3600 - + + ################################################################################ ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ## ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##