Securing Redmine session cookie: _redmine_session

Added by Ismael Morales Alcaide almost 8 years ago

Hi,

I´m using Redmine 2.1.4 and I need to configure the redmine cookie with the flag "secure".

In the config file: /config/application.rb the session store it´s configured:

config.session_store :cookie_store, :key => '_redmine_session'

It´s possible to configure something like this?:
config.session_store :cookie_store, :key => '_redmine_session', :secure => true

thanks.

Replies (3)

RE: Securing Redmine session cookie: _redmine_session - Added by Florian Kaiser almost 7 years ago

Hello,

I'm using Redmine 2.6.0 and your example is working fine for me!

RE: Securing Redmine session cookie: _redmine_session - Added by Anonymous almost 6 years ago

This approach is not universal. For example, after setting this option one won't be able to access redmine via http://localhost url.

(1-3/3)