Skip to content
Snippets Groups Projects
Commit 07dbd3da authored by Tim van Dijen's avatar Tim van Dijen
Browse files

Secure cookies by default

parent 87c24c36
No related branches found
No related tags found
No related merge requests found
......@@ -553,7 +553,7 @@ $config = [
* through https. If the user can access the service through
* both http and https, this must be set to FALSE.
*/
'session.cookie.secure' => false,
'session.cookie.secure' => true,
/*
* Set the SameSite attribute in the cookie.
......@@ -790,7 +790,7 @@ $config = [
'language.cookie.name' => 'language',
'language.cookie.domain' => null,
'language.cookie.path' => '/',
'language.cookie.secure' => false,
'language.cookie.secure' => true,
'language.cookie.httponly' => false,
'language.cookie.lifetime' => (60 * 60 * 24 * 900),
'language.cookie.samesite' => $httpUtils->canSetSameSiteNone() ? 'None' : null,
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment