From 69d9600f48d8ca89458165bc059e3ce00b7527bf 2010-06-19 20:04:47
From: Eric Davis <edavis@littlestreamsoftware.com>
Date: 2010-06-19 20:04:47
Subject: [PATCH] Added documentation about the session_path. #3968

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3785 e93f8b46-1217-0410-a6f0-8f06a7374b81

---

diff --git a/lib/tasks/initializers.rake b/lib/tasks/initializers.rake
index ce87475..cec5572 100644
--- a/lib/tasks/initializers.rake
+++ b/lib/tasks/initializers.rake
@@ -17,6 +17,13 @@ file 'config/initializers/session_store.rb' do
 # you'll be exposed to dictionary attacks.
 ActionController::Base.session = {
   :session_key => '_redmine_session',
+  #
+  # Uncomment and edit the :session_path below if are hosting your Redmine
+  # at a suburi and don't want the top level path to access the cookies
+  #
+  # See: http://www.redmine.org/issues/3968
+  #
+  # :session_path => '/url_path_to/your/redmine/',
   :secret => '#{secret}'
 }
 EOF