mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Added cookie_secure configuration directive
Seeing that cookie_secure is not yet added to the documentation, I took the liberty to add it myself. Thanks and hope this helps!
This commit is contained in:
parent
e64d73c1f7
commit
23d0f51592
@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al
|
|||||||
:::php
|
:::php
|
||||||
Session::clear_all();
|
Session::clear_all();
|
||||||
|
|
||||||
|
## Secure Session Cookie
|
||||||
|
|
||||||
|
In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml`
|
||||||
|
|
||||||
|
:::yml
|
||||||
|
Session:
|
||||||
|
cookie_secure: true
|
||||||
|
|
||||||
|
This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions.
|
||||||
|
|
||||||
|
|
||||||
## API Documentation
|
## API Documentation
|
||||||
|
|
||||||
* [api:Session]
|
* [api:Session]
|
||||||
|
Loading…
Reference in New Issue
Block a user