Project

General

Profile

Actions
Copy link

Feature #982

open

option to set secure flag on session and autologin cookie

Added by Dylan Wilder-Tack almost 15 years ago. Updated about 12 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
2008-04-03
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

Is it possible to have a GUI setting to control the secure flag on the session and autologin cookies? I was able to set them by making the changes below:

app/controllers/account_controller.rb
cookies[:autologin] = { :value => token.value, :expires => 1.year.from_now, :secure => true }

config/environment.rb
ActionController::Base.session_options[:session_secure] = true

thanks!

Related issues

Related to Redmine - Feature #1763: Autologin-cookie should be configurableClosed2008-08-11

Actions
Actions
Copy link
 #1

Updated by S Reid over 12 years ago

Any plans to implement this ? I think it's needed to avoid HTTP Session hijacking ?

Actions
Copy link
 #2

Updated by Toshi MARUYAMA about 12 years ago

  • Category set to Accounts / authentication
Actions
Copy link

Also available in: Atom PDF