diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 36c5f4666a70133ffcf4624d9684dcca599d8ac1..e777ae2b78dd2f1cb38e4f4d9e941012c511fcb2 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session' +Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session', + secure: Gitlab::Application.config.force_ssl, + httponly: true # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information