2019-07-30 13:43:27 +00:00
|
|
|
# Use the database for sessions instead of the cookie-based default,
|
|
|
|
|
# which shouldn't be used to store highly confidential information
|
|
|
|
|
# (create the session table with "rails generate session_migration")
|
|
|
|
|
|
|
|
|
|
module Zammad
|
|
|
|
|
class Application
|
|
|
|
|
class Initializer
|
|
|
|
|
module SessionStore
|
2020-06-22 09:57:45 +00:00
|
|
|
STORE_TYPE = :active_record_store # default: :cookie_store
|
|
|
|
|
SESSION_KEY = ('_zammad_session_' + Digest::MD5.hexdigest(Rails.root.to_s)[5..15]).freeze # default: '_zammad_session'
|
2019-07-30 13:43:27 +00:00
|
|
|
|
|
|
|
|
def self.perform
|
|
|
|
|
Rails.application.config.session_store STORE_TYPE,
|
|
|
|
|
key: SESSION_KEY,
|
|
|
|
|
secure: secure?
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.secure?
|
|
|
|
|
Setting.get('http_type') == 'https'
|
|
|
|
|
rescue ActiveRecord::StatementInvalid
|
|
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
private_class_method :secure?
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
