forked from wycats/merb-core
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCONFIG
More file actions
11 lines (11 loc) · 680 Bytes
/
CONFIG
File metadata and controls
11 lines (11 loc) · 680 Bytes
1
2
3
4
5
6
7
8
9
10
11
==== Configuration options
:session_id_cookie_only<Boolean>::
If true, sessions may be passed only through cookies. If false, they may also
be passed through the session_id_key query param. This might be necessary for
flash uploaders, which do not pass cookies with file uploads. This can be
used in conjunction with :query_string_whitelist.
:query_string_whitelist<Array[String]>::
A list of "controller/action" URLs that should allow session IDs to be passed
through the query string even if :session_id_cookie_only is set to true. We
recommend using session.regenerate after any controller making use of this
in case someone is trying a session fixation attack.