mirror of
https://github.com/django/django.git
synced 2025-10-24 06:06:09 +00:00
[1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
Backport of r17862 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
@@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`.
|
||||
SESSION_COOKIE_HTTPONLY
|
||||
-----------------------
|
||||
|
||||
Default: ``False``
|
||||
Default: ``True``
|
||||
|
||||
Whether to use HTTPOnly flag on the session cookie. If this is set to
|
||||
``True``, client-side JavaScript will not to be able to access the
|
||||
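Review bot: the context sentence directly under the changed ``Default:`` line reads "client-side JavaScript will not to be able to access the", which has a stray "to". Since this hunk already touches the paragraph, correct it to "will not be able to access" here as well, and consider "Whether to use the HTTPOnly flag" in the opening sentence.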
@@ -1725,6 +1725,9 @@ protected cookie data.
|
||||
|
||||
.. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly
|
||||
|
||||
.. versionchanged:: 1.4
|
||||
The default value of the setting was changed from ``False`` to ``True``.
|
||||
|
||||
.. setting:: SESSION_COOKIE_NAME
|
||||
|
||||
SESSION_COOKIE_NAME
|
||||
|
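Review bot: the ``versionchanged`` note records the new default but does not say what it means for an upgrade. With the default now ``True``, client-side JavaScript that read the session cookie under 1.3 loses that access, so add a sentence telling such projects to set ``SESSION_COOKIE_HTTPONLY = False`` explicitly. The note also sits after the ``.. _HTTPOnly:`` link target rather than next to the ``Default:`` line it explains; moving it up would keep the two together.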