tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #4612 from johndalangin/patch-4

Browse Source 
Added cookie_secure configuration directive
This commit is contained in:
Damian Mooyman 2015-12-22 16:36:05 +13:00
commit d63441623a
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/02_Sessions.md
View File

@ -63,6 +63,17 @@ including form and page comment information. None of this is vital but `clear_al
:::php
Session::clear_all();
## Secure Session Cookie
In certain circumstances, you may want to use a different `session_name` cookie when using the `https` protocol for security purposes. To do this, you may set the `cookie_secure` parameter to `true` on your `config.yml`
:::yml
Session:
cookie_secure: true
This uses the session_name `SECSESSID` for `https` connections instead of the default `PHPSESSID`. Doing so adds an extra layer of security to your session cookie since you no longer share `http` and `https` sessions.
## API Documentation
* [api:Session]
* [api:Session]