Fixed #16847. Session Cookies now default to httponly = True.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Paul McMillan 2011-11-21 22:03:03 +00:00
parent 43c5d35315
commit 4d975b4f88
5 changed files with 40 additions and 12 deletions


@ -110,8 +110,8 @@ and the :setting:`SECRET_KEY` setting.
.. note::
It's recommended to set the :setting:`SESSION_COOKIE_HTTPONLY` setting
to ``True`` to prevent tampering of the stored data from JavaScript.
It's recommended to leave the :setting:`SESSION_COOKIE_HTTPONLY` setting
``True`` to prevent tampering of the stored data from JavaScript.
.. warning::
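Review bot: the rewritten note still says HttpOnly is there "to prevent tampering of the stored data from JavaScript", which misstates what the flag does; the HttpOnly attribute only keeps client-side script from reading or writing the cookie through `document.cookie`, so its security benefit is that an XSS payload cannot exfiltrate the session cookie, while integrity of the stored data is provided by the signature made with :setting:`SECRET_KEY` mentioned in the hunk context, not by HttpOnly. Since this hunk is already rewording the sentence, suggest: "It's recommended to leave the :setting:`SESSION_COOKIE_HTTPONLY` setting ``True`` so that client-side JavaScript cannot read the session cookie." It would also help to say that HttpOnly is a browser-side mitigation and does not stop an attacker who can make requests from the victim's browser.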
@ -504,7 +504,7 @@ The domain to use for session cookies. Set this to a string such as
SESSION_COOKIE_HTTPONLY
-----------------------
Default: ``False``
Default: ``True``
Whether to use HTTPOnly flag on the session cookie. If this is set to
``True``, client-side JavaScript will not to be able to access the
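Review bot: a changed default should carry a ``.. versionchanged::`` directive in the Django docs so readers know the behaviour differs from earlier releases; the hunk only swaps ``Default: ``False``` for ``Default: ``True``` without one. While touching this section, also fix the grammar in the unchanged context line "client-side JavaScript will not to be able to access the" to "client-side JavaScript will not be able to access the", and consider noting that the flag is a browser-enforced attribute (older browsers ignore it) so it complements, rather than replaces, XSS prevention.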