about summary refs log tree commit diff
path: root/config/initializers/devise.rb
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers/devise.rb')
-rw-r--r--config/initializers/devise.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index d3757b0d3..ef612e177 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -9,6 +9,7 @@ Warden::Manager.after_set_user except: :fetch do |user, warden|
     value: session_id,
     expires: 1.year.from_now,
     httponly: true,
+    secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
     same_site: :lax,
   }
 end
@@ -19,6 +20,7 @@ Warden::Manager.after_fetch do |user, warden|
       value: warden.cookies.signed['_session_id'] || warden.raw_session['auth_id'],
       expires: 1.year.from_now,
       httponly: true,
+      secure: (Rails.env.production? || ENV['LOCAL_HTTPS'] == 'true'),
       same_site: :lax,
     }
   else
@@ -227,6 +229,10 @@ Devise.setup do |config|
   # If true, extends the user's remember period when remembered via cookie.
   # config.extend_remember_period = false
 
+  # Options to be passed to the created cookie. For instance, you can set
+  # secure: true in order to force SSL only cookies.
+  config.rememberable_options = { secure: true }
+
   # ==> Configuration for :validatable
   # Range for password length.
   config.password_length = 8..72
generated by cgit-pink (git 2.37.1) at 2025-06-29 14:05:42 +0000