Index: http/__init__.py
===================================================================
--- http/__init__.py	(revisão 10887)
+++ http/__init__.py	(cópia de trabalho)
@@ -342,7 +342,7 @@
         return self._headers.get(header.lower(), (None, alternate))[1]
 
     def set_cookie(self, key, value='', max_age=None, expires=None, path='/',
-                   domain=None, secure=False):
+                   domain=None, secure=False, httponly=None):
         self.cookies[key] = value
         if max_age is not None:
             self.cookies[key]['max-age'] = max_age
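Review bot: The new `httponly=None` default is inconsistent with its sibling `secure=False` in the same signature, although the body added further down only tests truthiness; `httponly=False` would read more consistently and make it obvious the flag is a plain boolean. The parameter is also undocumented, so I would add a comment such as `# httponly: ask the browser to keep this cookie away from client-side script; only emitted when the Cookie module supports the attribute`. The body of set_cookie continues outside this hunk.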
@@ -354,6 +354,8 @@
             self.cookies[key]['domain'] = domain
         if secure:
             self.cookies[key]['secure'] = True
+        if httponly and self.cookies[key].has_key('httponly'):#python 2.6 only
+            self.cookies[key]['httponly'] = True
 
     def delete_cookie(self, key, path='/', domain=None):
         self.set_cookie(key, max_age=0, path=path, domain=domain,
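Review bot: The guard `if httponly and self.cookies[key].has_key('httponly')` drops the flag without any signal when the Morsel does not know that key, which the inline comment suggests is the case before Python 2.6. A deployment that enables the setting would then ship a session cookie that scripts can read, and nothing tells the operator. Because HttpOnly is a mitigation against cookie theft through injected script, failing open silently is the wrong outcome; add an else path that warns, for example `warnings.warn("httponly requested but this Python's Cookie module does not support it")` (assuming `warnings` is, or can be, imported in this module). The membership test is also better written as `'httponly' in self.cookies[key]`, and the same silent path is reached from the call added in contrib/sessions/middleware.py. set_cookie starts outside this hunk.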
Index: conf/global_settings.py
===================================================================
--- conf/global_settings.py	(revisão 10887)
+++ conf/global_settings.py	(cópia de trabalho)
@@ -316,6 +316,7 @@
 SESSION_COOKIE_PATH = '/'                               # The path of the session cookie.
 SESSION_SAVE_EVERY_REQUEST = False                      # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False                 # Whether a user's session cookie expires when the Web browser is closed.
+SESSION_HTTP_ONLY = False                 # Whether to use the non-RFC standard httpOnly flag (IE, FF3+, others)
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # The module to store session data
 SESSION_FILE_PATH = None                                # Directory to store session files if using the file session module. If None, the backend will use a sensible default.
 
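Review bot: `SESSION_HTTP_ONLY` breaks the `SESSION_COOKIE_*` naming used by the neighbouring cookie settings (`SESSION_COOKIE_PATH` here, `SESSION_COOKIE_SECURE` and `SESSION_COOKIE_DOMAIN` in the middleware call), so `SESSION_COOKIE_HTTPONLY` would be easier to find next to them. The comment "non-RFC standard httpOnly flag" is ambiguous and does not say what the flag protects or that, per the http/__init__.py hunk, it only takes effect where the Cookie module supports it. I would write `SESSION_COOKIE_HTTPONLY = False  # Whether to set the HttpOnly flag on the session cookie so client-side script cannot read it (only emitted on Python 2.6+).` and align the comment column with the lines around it. The `False` default also leaves the session cookie script-readable unless a site opts in, which is worth stating in the release notes.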
Index: contrib/sessions/middleware.py
===================================================================
--- contrib/sessions/middleware.py	(revisão 10887)
+++ contrib/sessions/middleware.py	(cópia de trabalho)
@@ -38,5 +38,6 @@
                         request.session.session_key, max_age=max_age,
                         expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                         path=settings.SESSION_COOKIE_PATH,
-                        secure=settings.SESSION_COOKIE_SECURE or None)
+                        secure=settings.SESSION_COOKIE_SECURE or None,
+                        httponly=settings.SESSION_HTTP_ONLY or None)
         return response
