#XXX need to also work properly for installs w/o /freeside/ in path
PerlSetVar FreesideLoginScript /freeside/loginout/login.html
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
PerlSetVar FreesideHttpOnly 1
+#prevents broken restarts with "couldn't grab the accept mutex" error
+Mutex posixsem
+
<Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
#work around Apache2::AuthCookie vs. mod_dir