# HG changeset patch
# User Marcin Kuzminski
# Date 1322059070 -7200
# Node ID 1308f068fc1a52468cd0cd5587693ec4f2a5e92d
# Parent 54687aa00724400a1425c91e9dd9875a0d1cedfd
added httponly and secure cookie into ini files
diff -r 54687aa00724 -r 1308f068fc1a development.ini
--- a/development.ini Wed Nov 23 15:36:57 2011 +0200
+++ b/development.ini Wed Nov 23 16:37:50 2011 +0200
@@ -142,6 +142,9 @@
 beaker.session.encrypt_key = g654dcno0-9873jhgfreyu
 beaker.session.validate_key = 9712sds2212c--zxc123
 beaker.session.timeout = 36000
+beaker.session.httponly = true
+# uncomment for https secure cookie
+beaker.session.secure = false
 ##auto save the session to not to use .save()
 beaker.session.auto = False
diff -r 54687aa00724 -r 1308f068fc1a production.ini
--- a/production.ini Wed Nov 23 15:36:57 2011 +0200
+++ b/production.ini Wed Nov 23 16:37:50 2011 +0200
@@ -142,6 +142,9 @@
 beaker.session.encrypt_key = g654dcno0-9873jhgfreyu
 beaker.session.validate_key = 9712sds2212c--zxc123
 beaker.session.timeout = 36000
+beaker.session.httponly = true
+# uncomment for https secure cookie
+beaker.session.secure = false
 ##auto save the session to not to use .save()
 beaker.session.auto = False
@@ -255,4 +258,4 @@
 [formatter_color_formatter_sql]
 class=rhodecode.lib.colored_formatter.ColorFormatterSql
 format= %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
-datefmt = %Y-%m-%d %H:%M:%S
\ No newline at end of file
+datefmt = %Y-%m-%d %H:%M:%S
diff -r 54687aa00724 -r 1308f068fc1a rhodecode/config/deployment.ini_tmpl
--- a/rhodecode/config/deployment.ini_tmpl Wed Nov 23 15:36:57 2011 +0200
+++ b/rhodecode/config/deployment.ini_tmpl Wed Nov 23 16:37:50 2011 +0200
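Review bot: The comment added above `beaker.session.secure = false` in the development.ini hunk says "uncomment", but the setting is already active and set to `false`, so an operator following it has nothing to uncomment and the session cookie stays without the Secure flag. The same three lines are added in the first production.ini hunk and in rhodecode/config/deployment.ini_tmpl. I would reword the comment to `# set to true when the site is served over https, so the session cookie is never sent over plain http`, and consider `true` as the shipped value in production.ini if that file is meant for TLS deployments. Separately, the context lines show production.ini carrying the same literal `beaker.session.encrypt_key` and `beaker.session.validate_key` as development.ini; if those files are used as shipped, the new cookie flags do not protect sessions signed with a key that is published in the repository, so a comment telling operators to replace both keys would fit next to these settings.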
@@ -142,13 +142,17 @@ beaker.session.encrypt_key = ${app_instance_secret} beaker.session.validate_key = ${app_instance_secret} beaker.session.timeout = 36000 +beaker.session.httponly = true +# uncomment for https secure cookie +beaker.session.secure = false ##auto save the session to not to use .save() beaker.session.auto = False ##true exire at browser close #beaker.session.cookie_expires = 3600 - + + ################################################################################ ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ## ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##