From 5a17bba97e6d7955b4231344ea643c7b7ac22dcd Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Thu, 28 Jan 2016 15:01:44 +0000 Subject: [PATCH] Set SESSION_COOKIE_SECURE=True for live. --- app/its_dangerous_session.py | 2 +- config.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/its_dangerous_session.py b/app/its_dangerous_session.py index d281b32d9..a5e6f6699 100644 --- a/app/its_dangerous_session.py +++ b/app/its_dangerous_session.py @@ -47,4 +47,4 @@ class ItsdangerousSessionInterface(SessionInterface): val = self.get_serializer(app).dumps(dict(session)) response.set_cookie(app.session_cookie_name, val, expires=expires, httponly=True, - domain=domain) + domain=domain, secure=app.config.get('SESSION_COOKIE_SECURE')) diff --git a/config.py b/config.py index b810d9229..81b40b715 100644 --- a/config.py +++ b/config.py @@ -56,6 +56,8 @@ class Test(Development): class Live(Config): DEBUG = False HTTP_PROTOCOL = 'https' + SESSION_COOKIE_SECURE = True + configs = { 'live': Live,
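Review bot: The new `secure=app.config.get('SESSION_COOKIE_SECURE')` argument in `app/its_dangerous_session.py` fails open: wherever the key is missing or falsy, the session cookie is still issued without the Secure attribute, and nothing warns about it. The class derives from Flask's `SessionInterface`, so I would use the inherited helper instead, `domain=domain, secure=self.get_cookie_secure(app))`, which reads the same setting. `httponly=True` is hard-coded on the line above while Secure is now configurable, so a one-line comment such as `# Secure is configurable so local http development still works; HttpOnly is always on` would record the intent, if that is the reason. The enclosing method starts above the hunk, so the rest of its cookie handling is not visible here.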
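Review bot: `SESSION_COOKIE_SECURE = True` is set only on `Live` in `config.py`, so the Secure attribute depends on which config class is selected rather than on whether the site is served over HTTPS. Any other environment that sets `HTTP_PROTOCOL = 'https'` would presumably still send the session cookie without Secure; the base `Config` and the other classes are outside this hunk, so this needs confirming. A safer default is `SESSION_COOKIE_SECURE = True` on the base `Config`, with `SESSION_COOKIE_SECURE = False` only on `Development`, where plain http is expected. A test asserting that the `Set-Cookie` header under the live config carries `Secure` would stop this regressing.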