Enable secure option if https is used.

This commit is contained in:
Marin Jankovski 2013-12-25 12:30:33 +01:00
parent 73af33e4b1
commit c447a2131d

View file

@ -4,7 +4,7 @@ Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
servers: Gitlab::Application.config.cache_store.last, # re-use the Redis config from the Rails cache store
key: '_gitlab_session',
secure: Gitlab::Application.config.force_ssl,
secure: Gitlab.config.gitlab.https,
httponly: true,
path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
)