Feature #982

option to set secure flag on session and autologin cookie

Added by Dylan Wilder-Tack over 9 years ago. Updated over 6 years ago.

Status:NewStart date:2008-04-03
Priority:LowDue date:
Assignee:-% Done:

0%

Category:Accounts / authentication
Target version:-
Resolution:

Description

Is it possible to have a GUI setting to control the secure flag on the session and autologin cookies? I was able to set them by making the changes below:

app/controllers/account_controller.rb
cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now, :secure => true }

config/environment.rb
ActionController::Base.session_options[:session_secure] = true

thanks!


Related issues

Related to Redmine - Feature #1763: Autologin-cookie should be configurable Closed 2008-08-11

History

#1 Updated by S Reid almost 7 years ago

Any plans to implement this ? I think it's needed to avoid HTTP Session hijacking ?

#2 Updated by Toshi MARUYAMA over 6 years ago

  • Category set to Accounts / authentication

Also available in: Atom PDF