From 23d0f51592ec1043f1cb63d70788147efe20ac73 Mon Sep 17 00:00:00 2001 From: johndalangin Date: Thu, 17 Sep 2015 15:53:58 +0800 Subject: [PATCH] Added cookie_secure configuration directive Seeing that cookie_secure is not yet added to the documentation, I took the liberty to add it myself. Thanks and hope this helps! --- .../18_Cookies_And_Sessions/02_Sessions.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md b/docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md index 7a48fc53b..445e940b7 100644 --- a/docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md +++ b/docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md @@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al :::php Session::clear_all(); +## Secure Session Cookie + +In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml` + + :::yml + Session: + cookie_secure: true + +This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions. + + ## API Documentation -* [api:Session] \ No newline at end of file +* [api:Session]