diff options
| author | ivan <ivan> | 2012-01-21 03:59:16 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2012-01-21 03:59:16 +0000 |
| commit | 3e3a07a1f96d0e2f89cde0a33583c9b1276471f1 (patch) | |
| tree | 910a3052a9ce43d8f982819aeb06eaf9d609f23d /rt/etc/RT_Config.pm.in | |
| parent | fb4ab1073f0d15d660c6cdc4e07afebf68ef3924 (diff) | |
rt 3.8.11
Diffstat (limited to 'rt/etc/RT_Config.pm.in')
| -rw-r--r-- | rt/etc/RT_Config.pm.in | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/rt/etc/RT_Config.pm.in b/rt/etc/RT_Config.pm.in index 94eea5ade..aa43985c1 100644 --- a/rt/etc/RT_Config.pm.in +++ b/rt/etc/RT_Config.pm.in @@ -1261,6 +1261,19 @@ via SSL encrypted HTTP connections. Set($WebSecureCookies, 0); +=item C<$WebHttpOnlyCookies> + +Default RT's session cookie to not being directly accessible to +javascript. The content is still sent during regular and AJAX requests, +and other cookies are unaffected, but the session-id is less +programmatically accessible to javascript. Turning this off should only +be necessary in situations with odd client-side authentication +requirements. + +=cut + +Set($WebHttpOnlyCookies, 1); + =item C<$WebFlushDbCacheEveryRequest> By default, RT clears its database cache after every page view. |