I have my site set up for HTTPS and even added HSTS (using cloudflare though), however I would like to set the secure flag for my session ID cookie and maybe the other cookies as well.
It looks like
_forum_session is the main cookie we would want to secure and on meta.discourse.org the secure flag is set.
I have the HTTPS setting in admin enabled:
Should the full url for the site (Discourse.base_url) be http or https? DO NOT ENABLE THIS UNLESS HTTPS IS ALREADY SET UP AND WORKING!
I’m also on the latest version of Discourse: v1.3.0.beta6 +98
Any simple way of doing this? Maybe I should make a plugin?
Edit: Supposedly the
_t cookie is the real user session cookie