mirror of https://github.com/django/django.git, synced 2025-10-24 22:26:08 +00:00
	[1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
Backport of r17862 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`. | ||||
| SESSION_COOKIE_HTTPONLY | ||||
| ----------------------- | ||||
|  | ||||
| Default: ``False`` | ||||
| Default: ``True`` | ||||
|  | ||||
| Whether to use HTTPOnly flag on the session cookie. If this is set to | ||||
| ``True``, client-side JavaScript will not to be able to access the | ||||
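Review bot: The context sentence directly under the corrected default still reads "client-side JavaScript will not to be able to access the"; since this entry is being touched anyway, drop the stray "to" so it reads "will not be able to access". The commit message calls this a missing bit of r17135, so it is also worth confirming in the same pass that no other reference to this setting in the docs still states ``False`` as the default.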
| @@ -1725,6 +1725,9 @@ protected cookie data. | ||||
|  | ||||
| .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly | ||||
|  | ||||
| .. versionchanged:: 1.4 | ||||
|     The default value of the setting was changed from ``False`` to ``True``. | ||||
|  | ||||
| .. setting:: SESSION_COOKIE_NAME | ||||
|  | ||||
| SESSION_COOKIE_NAME | ||||
|   | ||||
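Review bot: The ``versionchanged`` directive sits after the ``.. _HTTPOnly:`` link target, away from the ``Default:`` line it qualifies; move it directly under the setting's description so it is read together with the new default. The note also states only that the default changed, not what that means on upgrade: add a sentence saying that client-side code which reads the session cookie will no longer see it once the default is ``True``, and that a project depending on this has to either stop reading the cookie from script or set ``SESSION_COOKIE_HTTPONLY = False`` explicitly.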