tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Added cookie_secure configuration directive 

Seeing that cookie_secure is not yet added to the documentation, I took the liberty to add it myself.

Thanks and hope this helps!
This commit is contained in:
johndalangin 2015-09-17 15:53:58 +08:00
parent e64d73c1f7
commit 23d0f51592
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md
View File

@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al
:::php
Session::clear_all();
## Secure Session Cookie
In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml`
:::yml
Session:
cookie_secure: true
This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions.
## API Documentation
* [api:Session]
* [api:Session]