From a2197b8d0577d47246f9e0ff6dd9d3c94e69b10c Mon Sep 17 00:00:00 2001
From: rt00492 <rt00492@surrey.ac.uk>
Date: Wed, 27 Apr 2022 12:59:15 +0100
Subject: [PATCH] Adding additional security to cookies/session variables

---
 config/application.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/application.rb b/config/application.rb
index 85969a0..79d586f 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -19,6 +19,9 @@ module Calendar
     # config.time_zone = "Central Time (US & Canada)"
     # config.eager_load_paths << Rails.root.join("extras")
 
+    config.session_store :cookie_store, key: '_app_session', expire_after: 14.days, :httponly => true
+
+
     config.action_view.field_error_proc = Proc.new { |html_tag, instance| 
       html_tag
     }
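Review bot: The added `config.session_store` line sets `httponly` but neither `secure` nor `same_site`, so the session cookie can still travel over plain HTTP and on cross-site requests unless something outside this hunk (for example `config.force_ssl`) already covers that. As far as I know `httponly` is already the default for the Rails session cookie, so the effective changes here are the cookie name and the 14-day `expire_after`, which is a long lifetime for a cookie-store session whose contents live on the client and are hard to invalidate server-side. Consider `config.session_store :cookie_store, key: '_app_session', expire_after: 14.days, httponly: true, secure: Rails.env.production?, same_site: :lax`, which also replaces the mixed `:httponly =>` hash style with the keyword style used by the other options. The enclosing application class starts and ends outside the hunk, so any other cookie or SSL settings cannot be checked from here.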
-- 
GitLab