From: Ivan Kohler <ivan@freeside.biz>
Date: Sun, 25 Sep 2016 18:12:09 +0000 (-0700)
Subject: document these non-well-named Apache::AuthCookieHandler options
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=dd21870b44d5557e9bff786c0476012c151f035a

document these non-well-named Apache::AuthCookieHandler options
---

diff --git a/htetc/freeside-base2.4.conf b/htetc/freeside-base2.4.conf
index f0b44d7fa..ee716f320 100644
--- a/htetc/freeside-base2.4.conf
+++ b/htetc/freeside-base2.4.conf
@@ -20,8 +20,8 @@ PerlAddAuthzProvider user FS::AuthCookieHandler24->authz_handler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>
 
diff --git a/htetc/freeside-base2.conf b/htetc/freeside-base2.conf
index 309279dfa..6a1d2fb64 100644
--- a/htetc/freeside-base2.conf
+++ b/htetc/freeside-base2.conf
@@ -18,8 +18,8 @@ PerlModule FS::AuthCookieHandler
 #XXX need to also work properly for installs w/o /freeside/ in path
 PerlSetVar FreesideLoginScript /freeside/loginout/login.html
 
-#PerlSetVar FreesideEverSecure 1
-PerlSetVar FreesideHttpOnly 1
+#PerlSetVar FreesideSecure 1 #disables HTTP, so HTTPS only
+PerlSetVar FreesideHttpOnly 1 #limits cookie theft via JS
 
 <Directory %%%FREESIDE_DOCUMENT_ROOT%%%>