61edf27888
rails only allows to globally flag session cookies as either secure or not this patch sets the secure flag for cookies based on the protocol (http/https) this is used to send cookies via http but flag them secure for https which allows use with HTTP over Tor for an onion domain this is acceptable because nginx redirects clearnet http to https
9 lines
446 B
Ruby
9 lines
446 B
Ruby
# Be sure to restart your server when you modify this file.
|
|
|
|
# Use the database for sessions instead of the cookie-based default,
|
|
# which shouldn't be used to store highly confidential information
|
|
# (create the session table with "rails generate session_migration")
|
|
Redstoner::Application.config.session_store :active_record_store,
|
|
key: 'redstoner_session',
|
|
expire_after: 5.days,
|
|
secure: nil # see config/initializers/auto_secure_cookies.rb |