diff --git a/config/application-example.yml b/config/application-example.yml
index f54557828..caedd83cc 100644
--- a/config/application-example.yml
+++ b/config/application-example.yml
@@ -129,3 +129,5 @@
 payments_lhv_seller_private: 'kaupmees_priv.pem'
 payments_lhv_seller_account: 'testvpos'
 user_session_timeout: '3600' # 1 hour
+secure_session_cookies: 'false' # true|false
+same_site_session_cookies: 'false' # false|strict|lax
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 480996245..d063123a4 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,9 @@
 # Be sure to restart your server when you modify this file.
 
-Rails.application.config.session_store :cookie_store, key: '_registry_session'
+secure_cookies = ENV['secure_session_cookies'] == 'true'
+same_site_cookies = ENV['same_site_session_cookies'] != 'false' ? ENV['same_site_session_cookies'].to_sym : false
+
+Rails.application.config.session_store :cookie_store,
+  key: '_registry_session',
+  secure: secure_cookies,
+  same_site: same_site_cookies
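Review bot: Both new example keys default to `'false'`, so any deployment that copies this file unchanged gets a session cookie with no Secure flag and no SameSite attribute; shipping the safer values as the example default (`secure_session_cookies: 'true' # true|false` and `same_site_session_cookies: 'lax' # false|strict|lax`) and letting plain-HTTP development setups opt out is the usual direction. The comment on `same_site_session_cookies` lists only `false|strict|lax`; if `none` is meant to be accepted as well (a SameSite=None cookie is only honoured by browsers when Secure is also set), add it to the comment, otherwise the list is complete as written. Keeping both values quoted is correct here, since the initializer compares them as strings rather than booleans.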
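Review bot: The `same_site_cookies` assignment calls `.to_sym` on `ENV['same_site_session_cookies']` whenever the value is not the string `'false'`, so a deployment whose config predates this commit (key absent, ENV value `nil`) fails at boot with NoMethodError instead of falling back; `secure_cookies` does not have this problem because `nil == 'true'` is simply false. Reading the value with a default closes the gap: `same_site_raw = ENV.fetch('same_site_session_cookies', 'false')` followed by `same_site_cookies = same_site_raw == 'false' ? false : same_site_raw.to_sym`. Any other string (a typo, mixed case) is likewise passed through as a symbol, and the cookie layer will presumably only reject an unrecognised SameSite value when a cookie is written rather than at startup, so restricting the accepted values to the ones the example file documents and raising on anything else would surface a misconfiguration at boot.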