diff options
| author | ivan <ivan> | 2012-01-21 04:01:54 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2012-01-21 04:01:54 +0000 |
| commit | 86b5edc2d448cb9c8e90b76b77b21b09d69d8527 (patch) | |
| tree | f04fdad5337ec98bda507858648d83b4f7b921c3 /rt/etc/RT_Config.pm.in | |
| parent | c418b34fa051a2894a645f7df6d4dc1dfba12113 (diff) | |
rt 3.8.11
Diffstat (limited to 'rt/etc/RT_Config.pm.in')
| -rw-r--r-- | rt/etc/RT_Config.pm.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/rt/etc/RT_Config.pm.in b/rt/etc/RT_Config.pm.in index 94eea5ade..aa43985c1 100644 --- a/rt/etc/RT_Config.pm.in +++ b/rt/etc/RT_Config.pm.in @@ -1261,6 +1261,19 @@ via SSL encrypted HTTP connections. Set($WebSecureCookies, 0); +=item C<$WebHttpOnlyCookies> + +Default RT's session cookie to not being directly accessible to +javascript. The content is still sent during regular and AJAX requests, +and other cookies are unaffected, but the session-id is less +programmatically accessible to javascript. Turning this off should only +be necessary in situations with odd client-side authentication +requirements. + +=cut + +Set($WebHttpOnlyCookies, 1); + =item C<$WebFlushDbCacheEveryRequest> By default, RT clears its database cache after every page view. |