| author | ivan <ivan> | 2012-01-21 03:46:24 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2012-01-21 03:46:24 +0000 |
| commit | 24548f7cf666bac02335d0bc74f81251c7b4ab50 (patch) | |
| tree | e0f4f4a25b3a55e71957a1fb186e35fb9800be92 /rt/etc/RT_Config.pm | |
| parent | 75162bb14b3e38d66617077843f4dfdcaf09d5c4 (diff) | |
import rt 3.8.11BESTPRACTICAL
Diffstat (limited to 'rt/etc/RT_Config.pm')
| -rw-r--r-- | rt/etc/RT_Config.pm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/rt/etc/RT_Config.pm b/rt/etc/RT_Config.pm
index 67d131319..1b7e756c5 100644
--- a/rt/etc/RT_Config.pm
+++ b/rt/etc/RT_Config.pm
@@ -1235,6 +1235,19 @@ via SSL encrypted HTTP connections.
 Set($WebSecureCookies, 0);
+=item C<$WebHttpOnlyCookies>
+
+Default RT's session cookie to not being directly accessible to
+javascript. The content is still sent during regular and AJAX requests,
+and other cookies are unaffected, but the session-id is less
+programmatically accessible to javascript. Turning this off should only
+be necessary in situations with odd client-side authentication
+requirements.
+
+=cut
+
+Set($WebHttpOnlyCookies, 1);
+
 =item C<$WebFlushDbCacheEveryRequest>
 By default, RT clears its database cache after every page view. |
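Review bot: The POD added for `$WebHttpOnlyCookies` says the session-id is "less programmatically accessible" but never states what the flag protects against or what it leaves open. I would add a sentence such as `This limits theft of the session id by injected script; it does not prevent cross-site scripting or forged requests.` The context line just above the addition still reads `Set($WebSecureCookies, 0);`, so with these defaults the session cookie is hidden from script yet still sent over plain HTTP; the text could name `$WebSecureCookies` as the companion setting for HTTPS-only deployments. The opening "Default RT's session cookie to not being" would also read more clearly as `Mark RT's session cookie as HttpOnly so that it is not directly accessible to javascript.`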
