update doc for cookie.secure to match new defaults and add addiitonal info

see #1141
2026-01-11 18:54:31 +00:00 · 2017-03-20 14:45:51 -07:00
parent 6573696992
commit 3dcee9651d
1 changed files with 4 additions and 2 deletions
--- a/revel/skeleton/conf/app.conf.template
+++ b/revel/skeleton/conf/app.conf.template
@@ -51,8 +51,10 @@ cookie.prefix = REVEL
 # server. This makes the cookie less likely to be exposed to cookie theft via
 # eavesdropping.
 #
-# In dev mode, this will default to false, otherwise it will
-# default to true.
+# Defaults to false. If 'http.ssl' is enabled, this will automatically be enabled.
+# This should only be true when Revel is handling SSL connections. If you are
+# using a proxy in front of revel (Nginx, Apache, etc), then this should be left
+# as false.
 # cookie.secure = false

 # Limit cookie access to a given domain