1 files changed, 9 insertions, 14 deletions

diff --git a/ci/config-templates/SessionProvider-template.json b/ci/config-templates/SessionProvider-template.json
index 328f06f..b855bc8 100644
--- a/ci/config-templates/SessionProvider-template.json
+++ b/ci/config-templates/SessionProvider-template.json
@@ -1,25 +1,20 @@
 {
 
-  "debug": ${DEBUG_PLUGINS},
+   "debug": ${DEBUG_PLUGINS:-false}, //Enables obnoxious debug logging
 
   //Provider assemblies to load
   "provider_assemblies": [ "VNLib.Plugins.Sessions.VNCache.dll" ],
 
   //Web session provider, valid format for VNCache and also memory sessions
   "web": {
-    //Cache system key prefix
-    "cache_prefix": "websessions",
-    //The session cookie name
-    "cookie_name": "sb-session",
-    //Size in bytes for generated session ids
-    "cookie_size": 40,
-    //time (in seconds) a session is valid for
-    "valid_for_sec": 3600,
-    //The maxium number of connections waiting for the cache server responses
-    "max_waiting_connections": 100,
-    //Enforce strict cross-origin session checks
-    "strict_cors": true,
+    
+    "cache_prefix": "websessions",      //Cache system key prefix
+    "cookie_name": "sb-session",        //The session cookie name
+    "cookie_size": 40,                  //Size in bytes for generated session ids
+    "valid_for_sec": 3600,              //time (in seconds) a session is valid for
+    "max_waiting_connections": 100,     //The maxium number of connections waiting for the cache server responses
+
     ///Enforces strict TLS to help prevent tls downgrades based on stored session variables (privacy note: this can be leaked through brute-forced if session id is stolen)
-    "strict_tls_protocol": true
+    "strict_tls_protocol": ${SESSION_STRICT_TLS:-true}    
   } 
 }
\ No newline at end of file