document these non-well-named Apache::AuthCookieHandler options

author Ivan Kohler <ivan@freeside.biz>

Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)

committer Ivan Kohler <ivan@freeside.biz>

Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)
author Ivan Kohler <ivan@freeside.biz>
Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)
committer Ivan Kohler <ivan@freeside.biz>
Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)
diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf

index f0b44d7..ee716f3 100644 (file)
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
  #XXX need to also work properly for installs w/o /freeside/ in path
  PerlSetVar FreesideLoginScript /freeside/loginout/login.html
  
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
  
  <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
  
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf

index 309279d..6a1d2fb 100644 (file)
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -18,8 +18,8 @@ PerlModule FS::AuthCookieHandler
  #XXX need to also work properly for installs w/o /freeside/ in path
  PerlSetVar FreesideLoginScript /freeside/loginout/login.html
  
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
  
  <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
author	Ivan Kohler <ivan@freeside.biz>
	Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)
committer	Ivan Kohler <ivan@freeside.biz>
	Sun, 25 Sep 2016 18:12:09 +0000 (11:12 -0700)
htetc/freeside-base2.4.conf		patch \| blob \| history
htetc/freeside-base2.conf		patch \| blob \| history