X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=htetc%2Ffreeside-base2.4.conf;h=ee716f32079fd4c992d842a19a862284905d647b;hb=4dc075fc38008d1c6cbe9b88b2bdb32bdc92adbf;hp=f0b44d7fa9c0bd8b6d211a684014ea006f4d9b33;hpb=df43a12a1c219709f27297ad6b53f6662b56c10c;p=freeside.git

diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index f0b44d7fa..ee716f320 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>