Skip to main content

HTTPS only

Environmental Variable: COOKIE_SECURE
Config File Key: cookie_secure
Type: bool
Default: true

If true, instructs browsers to only send user session cookies over HTTPS.

warning

Setting this to false may result in session cookies being sent in cleartext.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.