Use secure default values for the session store. #7879

Closed
@@ -1,3 +1,8 @@
# Be sure to restart your server when you modify this file.
-<%= app_const %>.config.session_store :cookie_store, key: <%= "'_#{app_name}_session'" %>
+<%= app_const %>.config.session_store(
+ :cookie_store,
+ key: <%= "'_#{app_name}_session'" %>,
+ secure: <%= app_const %>.config.force_ssl,
+ httponly: true
+)
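Review bot: The added `secure:` option is tied to `config.force_ssl`, so an app that serves HTTPS behind a TLS-terminating proxy without setting `force_ssl` still gets a session cookie without the Secure attribute, and nothing in the generated file tells the developer so. When `force_ssl` is enabled the SSL middleware appears to flag cookies as secure already, and `httponly: true` looks like the session store's existing default, so it is worth confirming with a test on the emitted `Set-Cookie` header that these options change anything. If they stay, add a comment above the call in the generated initializer, for example `# secure follows config.force_ssl; pass secure: true explicitly if TLS is terminated upstream of the app.`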