From 3bec128f5fc7cc8604885189fe8fb073a96f6ab6 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Fri, 25 Nov 2016 11:35:18 +1100
Subject: [PATCH] DEV: add warning if force_https in dev

---
 config/initializers/100-session_store.rb | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/config/initializers/100-session_store.rb b/config/initializers/100-session_store.rb
index d83a343e0c3..ab4077023f3 100644
--- a/config/initializers/100-session_store.rb
+++ b/config/initializers/100-session_store.rb
@@ -2,13 +2,18 @@
 #
 require_dependency 'discourse_cookie_store'
 
+if Rails.env == "development" && SiteSetting.force_https
+  STDERR.puts
+  STDERR.puts "WARNING: force_https is enabled in dev"
+  STDERR.puts "It is very unlikely you are running HTTPS in dev."
+  STDERR.puts "Without HTTPS your session cookie will not work"
+  STDERR.puts "Try: bin/rails c"
+  STDERR.puts "SiteSetting.force_https = false"
+  STDERR.puts
+end
+
 Discourse::Application.config.session_store(
   :discourse_cookie_store,
   key: '_forum_session',
   path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
 )
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Discourse::Application.config.session_store :active_record_store