Added documentation about the session_path. #3968

author Eric Davis <edavis@littlestreamsoftware.com>

Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)

committer Eric Davis <edavis@littlestreamsoftware.com>

Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)
author Eric Davis <edavis@littlestreamsoftware.com>
Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)
committer Eric Davis <edavis@littlestreamsoftware.com>
Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)
diff --git a/lib/tasks/initializers.rake b/lib/tasks/initializers.rake

index ce874750431746feef16b6ac7aa7db40483b8b9c..cec557250b201f6689db9a7d6edc080a4b63b2c2 100644 (file)
--- a/lib/tasks/initializers.rake
+++ b/lib/tasks/initializers.rake
@@ -17,6 +17,13 @@ file 'config/initializers/session_store.rb' do
  # you'll be exposed to dictionary attacks.
  ActionController::Base.session = {
    :session_key => '_redmine_session',
+  #
+  # Uncomment and edit the :session_path below if are hosting your Redmine
+  # at a suburi and don't want the top level path to access the cookies
+  #
+  # See: http://www.redmine.org/issues/3968
+  #
+  # :session_path => '/url_path_to/your/redmine/',
    :secret => '#{secret}'
  }
  EOF
author	Eric Davis <edavis@littlestreamsoftware.com>
	Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)
committer	Eric Davis <edavis@littlestreamsoftware.com>
	Sat, 19 Jun 2010 20:04:47 +0000 (20:04 +0000)