Setting up secure settings
Added by Eliseo Martín over 6 years ago
Hello there,
I'm running a Redmine 3.3.4 with Ruby 2.3.1 and Rails 4.2.7.1 and Passenger. The HTTPS seems working in the webbowser. But I would like to have secured cookies, I found some information here and there (Securing Redmine session cookie: _redmine_session #21697). But nothing finally works for me:
I have tried to modify the session_store in application.rb
config.session_store :cookie_store,
:key => '_redmine_session',
:secure => true,
:path => config.relative_url_root || '/'
I added
config.force_ssl = true
But this "broke" my application...
But when I login in my Redmine in Chrome I don't get a secured cookie.
I also read (#6792 https://stackoverflow.com/questions/29143594/) to modify the config/initializers/session_store.rb but that file doesn't exist.
So... how can I configure a secure cookie in redmine? Is it possible?