Securing Redmine session cookie: _redmine_session

Added by Ismael Morales Alcaide almost 4 years ago

Hi,

I´m using Redmine 2.1.4 and I need to configure the redmine cookie with the flag "secure".

In the config file: /config/application.rb the session store it´s configured:

config.session_store :cookie_store, :key => '_redmine_session'

It´s possible to configure something like this?:
config.session_store :cookie_store, :key => '_redmine_session', :secure => true

thanks.

Replies (3)

RE: Securing Redmine session cookie: _redmine_session - Added by Florian Kaiser almost 3 years ago

Hello,

I'm using Redmine 2.6.0 and your example is working fine for me!

RE: Securing Redmine session cookie: _redmine_session - Added by Sergey B almost 2 years ago

This approach is not universal. For example, after setting this option one won't be able to access redmine via http://localhost url.

RE: Securing Redmine session cookie: _redmine_session - Added by Ismael Morales Alcaide 9 months ago

Hi,

with Redmine 2.6.5 the problem continues. Same in Secure cookie not working

(1-3/3)