document these non-well-named Apache::AuthCookieHandler options

author: Ivan Kohler <ivan@freeside.biz> 2016-09-25 11:12:10 -0700
committer: Ivan Kohler <ivan@freeside.biz> 2016-09-25 11:12:10 -0700
commit: da2a324142fb3627effcbe878ea866d3e56ab6cb (patch)
tree: eeeec3040d2d2d813d5f4c553a8908e8115964f1 /htetc
parent: a2152e2a317c71ea265d077fa224df18cb01218f (diff)
2 files changed, 4 insertions, 4 deletions
diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index f0b44d7..ee716f3 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
 
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 309279d..6a1d2fb 100644
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -18,8 +18,8 @@ PerlModule FS::AuthCookieHandler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
author	Ivan Kohler <ivan@freeside.biz>	2016-09-25 11:12:10 -0700
committer	Ivan Kohler <ivan@freeside.biz>	2016-09-25 11:12:10 -0700
commit	da2a324142fb3627effcbe878ea866d3e56ab6cb (patch)
tree	eeeec3040d2d2d813d5f4c553a8908e8115964f1 /htetc
parent	a2152e2a317c71ea265d077fa224df18cb01218f (diff)