Set($ValidateUserEmailAddresses, undef);
+=item C<$NonCustomerEmailRegexp>
+
+Normally, when a ticket is linked to a customer, any requestors on that
+ticket that didn't previously have customer memberships are linked to
+the customer also. C<$NonCustomerEmailRegexp> is a regexp for email
+addresses that should I<not> automatically be linked to a customer in
+this way.
+
+=cut
+
+Set($NonCustomerEmailRegexp, undef);
+
=item C<@MailPlugins>
C<@MailPlugins> is a list of auth plugins for L<RT::Interface::Email>
Set($WebSecureCookies, 0);
+=item C<$WebHttpOnlyCookies>
+
+Default RT's session cookie to not being directly accessible to
+javascript. The content is still sent during regular and AJAX requests,
+and other cookies are unaffected, but the session-id is less
+programmatically accessible to javascript. Turning this off should only
+be necessary in situations with odd client-side authentication
+requirements.
+
+=cut
+
+Set($WebHttpOnlyCookies, 1);
+
=item C<$WebFlushDbCacheEveryRequest>
By default, RT clears its database cache after every page view.