X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=htetc%2Ffreeside-base2.4.conf;h=dbf4013cdf4330355c42b388507f7705c8cee1ec;hp=f0b44d7fa9c0bd8b6d211a684014ea006f4d9b33;hb=949a80c148a8bbeeeec54c5a0be5d73b292423a5;hpb=4b05b20576ddb14577d59c87c8257c6804449410

diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index f0b44d7fa..dbf4013cd 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,7 +20,10 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
+#disables HTTP, so HTTPS only
+#PerlSetVar FreesideSecure 1
+
+#prevents cookie theft via JS
 PerlSetVar FreesideHttpOnly 1
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>