Only force SSL in production

README.md

@@ -4,15 +4,3 @@ DanBarberPhoto
 [ ![Codeship Status for danbee/danbarberphoto](https://www.codeship.io/projects/bdd9fe40-63ad-0132-3763-76d0773b13a7/status)](https://www.codeship.io/projects/30798)
 
 This is the source code for DanBarberPhoto.com.
-
-The session cookie has been set to `secure: true` so the admin login will only
-work over an HTTPS connection. Use the tunnels gem to proxy the development
-server to HTTPS:
-
-```bash
-# If you're using pow
-$ sudo tunnels
-
-# If using rails server
-$ sudo tunnels 443 3000
-```

app/controllers/admin/admin_controller.rb

@@ -4,7 +4,7 @@ module Admin
     before_filter :authenticate_admin_user!
     before_filter :admin_menu
 
-    force_ssl host: APP_CONFIG[:ssl_hostname]
+    force_ssl host: APP_CONFIG[:ssl_hostname] if Rails.env.production?
 
     def admin_menu
       @admin_menu = { dashboard: '',

config/initializers/session_store.rb

@@ -1,6 +1,6 @@
 # Be sure to restart your server when you modify this file.
 
-DanBarberPhoto::Application.config.session_store :cookie_store, key: '_danbarberphoto_session', secure: true
+DanBarberPhoto::Application.config.session_store :cookie_store, key: '_danbarberphoto_session', secure: Rails.env.production?
 
 # Use the database for sessions instead of the cookie-based default,
 # which shouldn't be used to store highly confidential information