From 29ae21e86ac9bf63874fc66e0855652c325508b8 Mon Sep 17 00:00:00 2001
From: kentsanggds <ken.tsang@digital.cabinet-office.gov.uk>
Date: Tue, 11 Jun 2024 16:29:37 +0100
Subject: [PATCH] Disable session store in order to allow fastly to cache

Also CSRF no longer needed as support forms have been disabled.
---
 config/environments/test.rb          | 3 ---
 config/initializers/session_store.rb | 2 +-
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/config/environments/test.rb b/config/environments/test.rb
index 1745af7b..98dab3fa 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -30,9 +30,6 @@
   # Raise exceptions instead of rendering exception templates.
   config.action_dispatch.show_exceptions = true
 
-  # Disable request forgery protection in test environment.
-  config.action_controller.allow_forgery_protection = true
-
   config.action_mailer.perform_caching = false
 
   # Tell Action Mailer not to deliver emails to the real world.
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index d25dd9b5..dcfe49a8 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1 +1 @@
-Rails.application.config.session_store :cookie_store, expire_after: 14.days, secure: !(Rails.env.development? || Rails.env.test?), httponly: true
+Rails.application.config.session_store :disabled