From eb4960a401d4f113e76eac16a7d3fad9defdbf8a Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Tue, 19 May 2015 12:57:45 +0200
Subject: [PATCH] Be sure the cookie is always using SSL, even temporarily

---
 roles/pagure/frontend/templates/pagure_admin.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/pagure/frontend/templates/pagure_admin.cfg b/roles/pagure/frontend/templates/pagure_admin.cfg
index 9fb77f6437..f9ddd00c56 100644
--- a/roles/pagure/frontend/templates/pagure_admin.cfg
+++ b/roles/pagure/frontend/templates/pagure_admin.cfg
@@ -105,7 +105,7 @@ PAGURE_AUTH = 'fas'
 # This may be set to False when testing your application but should always
 # be set to True in production.
 # Default: ``True``.
-SESSION_COOKIE_SECURE = False
+SESSION_COOKIE_SECURE = True
 
 # The name of the cookie used to store the session id.
 # Default: ``.pagure``.