Feature #982: option to set secure flag on session and autologin cookie - Redmine

Feature #982

option to set secure flag on session and autologin cookie

Added by Dylan Wilder-Tack about 12 years ago. Updated about 9 years ago.

Status:

New

Start date:

2008-04-03

Priority:

Low

Due date:

Assignee:

% Done:

Category:

Accounts / authentication

Target version:

Resolution:

Description

Is it possible to have a GUI setting to control the secure flag on the session and autologin cookies? I was able to set them by making the changes below:

app/controllers/account_controller.rb
cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now, :secure => true }

config/environment.rb
ActionController::Base.session_options[:session_secure] = true

thanks!

Related issues

History

#1 Updated by S Reid over 9 years ago

Any plans to implement this ? I think it's needed to avoid HTTP Session hijacking ?

#2 Updated by Toshi MARUYAMA about 9 years ago

Category set to Accounts / authentication

Also available in: Atom PDF

Redmine

Issues

Custom queries

Feature #982

option to set secure flag on session and autologin cookie

History

#1 Updated by S Reid over 9 years ago

#2 Updated by Toshi MARUYAMA about 9 years ago