Merge pull request #75 from shawncatz/cookie-secure-doc

update doc for cookie.secure to match new defaults and add addiitonal info
2026-01-11 18:54:31 +00:00 · 2017-03-20 15:04:26 -07:00
parent 6573696992 5eac8fae04
commit 0ec369fd48
1 changed files with 4 additions and 2 deletions
--- a/revel/skeleton/conf/app.conf.template
+++ b/revel/skeleton/conf/app.conf.template
@@ -51,8 +51,10 @@ cookie.prefix = REVEL
 # server. This makes the cookie less likely to be exposed to cookie theft via
 # eavesdropping.
 #
-# In dev mode, this will default to false, otherwise it will
-# default to true.
+# Defaults to false. If 'http.ssl' is enabled, this will be defaulted to true.
+# This should only be true when Revel is handling SSL connections. If you are
+# using a proxy in front of revel (Nginx, Apache, etc), then this should be left
+# as false.
 # cookie.secure = false

 # Limit cookie access to a given domain