From 7ee5780bc3b9e9c3f1b89e156b848933dec22d88 Mon Sep 17 00:00:00 2001
From: yackob03 <jacob.moshenko@gmail.com>
Date: Mon, 27 Jan 2014 17:46:21 -0500
Subject: [PATCH] Mark session cookies as secure only.

---
 config.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config.py b/config.py
index cf56eb1c8..90705d337 100644
--- a/config.py
+++ b/config.py
@@ -19,6 +19,10 @@ class FlaskConfig(object):
   SECRET_KEY = '1cb18882-6d12-440d-a4cc-b7430fb5f884'
 
 
+class FlaskProdConfig(FlaskConfig):
+  SESSION_COOKIE_SECURE = True
+
+
 class MailConfig(object):
   MAIL_SERVER = 'email-smtp.us-east-1.amazonaws.com'
   MAIL_USE_TLS = True
@@ -168,7 +172,7 @@ class LocalHostedConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
   SEND_FILE_MAX_AGE_DEFAULT = 0
 
 
-class ProductionConfig(FlaskConfig, MailConfig, S3Storage, RDSMySQL,
+class ProductionConfig(FlaskProdConfig, MailConfig, S3Storage, RDSMySQL,
                        StripeLiveConfig, MixpanelProdConfig,
                        GitHubProdConfig, DigitalOceanConfig, BuildNodeConfig,
                        S3Userfiles):