Jump to content

手册:$wgCookieSecure

From mediawiki.org
This page is a translated version of the page Manual:$wgCookieSecure and the translation is 50% complete.
Cookies: $wgCookieSecure
Whether cookies are secured.
引进版本:1.6.0 (r12253)
移除版本:仍在使用
允许的值:(boolean or special value 'detect')
默认值:(参见下方)

细节

Whether cookies should only be sent over HTTPS (Secure attribute of cookies, see section 4.1.2.5 in RFC 6265). HTTPS-only sites should set this to true, to avoid cookie theft. If configured with the default value, 'detect', the runtime value is calculated by looking at the protocol that the request came in under. Sites using reverse proxies, load balancing or some other method which converts HTTPS requests into HTTP ones need to set the X-Forwarded-Proto header for detection to work correctly. (參見$wgVaryOnXFP 。)

默认值

MediaWiki版本:
1.18
$wgCookieSecure = 'detect';
MediaWiki版本:
1.6 – 1.17
$wgCookieSecure = ($wgProto == 'https');

参见