Refs #16859 -- Allowed storing CSRF tokens in sessions.

Major thanks to Shai for helping to refactor the tests, and to Shai, Tim, Florian, and others for extensive and helpful review.
2025-10-31 09:41:08 +00:00 · 2016-06-30 18:42:11 +02:00
parent f24eea3b69
commit ddf169cdac
7 changed files with 407 additions and 218 deletions
--- a/docs/releases/1.11.txt
+++ b/docs/releases/1.11.txt
@@ -231,7 +231,8 @@ Cache
 CSRF
 ~~~~

-* ...
+* Added the :setting:`CSRF_USE_SESSIONS` setting to allow storing the CSRF
+  token in the user's session rather than in a cookie.

 Database backends
 ~~~~~~~~~~~~~~~~~