Django

Code

Changeset 3570

Show
Ignore:
Timestamp:
08/12/06 01:02:28 (2 years ago)
Author:
adrian
Message:

Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • django/trunk/django/conf/global_settings.py

    r3407 r3570  
    253253SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks). 
    254254SESSION_COOKIE_DOMAIN = None              # A string like ".lawrence.com", or None for standard domain cookie. 
     255SESSION_COOKIE_SECURE = False             # Whether the session cookie should be secure (https:// only). 
    255256SESSION_SAVE_EVERY_REQUEST = False        # Whether to save the session data on every request. 
    256257SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # Whether sessions expire when a user closes his browser. 

  • django/trunk/django/contrib/sessions/middleware.py

    r3113 r3570  
    8989                    datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)) 
    9090                response.set_cookie(settings.SESSION_COOKIE_NAME, session_key, 
    91                     max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN) 
     91                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, 
     92                    secure=settings.SESSION_COOKIE_SECURE or None) 
    9293        return response 

  • django/trunk/docs/sessions.txt

    r3295 r3570  
    246246The name of the cookie to use for sessions. This can be whatever you want. 
    247247 
     248SESSION_COOKIE_SECURE 
     249--------------------- 
     250 
     251**New in Django development version** 
     252 
     253Default: ``False`` 
     254 
     255Whether to use a secure cookie for the session cookie. If this is set to 
     256``True``, the cookie will be marked as "secure," which means browsers may 
     257ensure that the cookie is only sent under an HTTPS connection. 
     258 
    248259SESSION_EXPIRE_AT_BROWSER_CLOSE 
    249260------------------------------- 

  • django/trunk/docs/settings.txt

    r3337 r3570  
    648648See the `session docs`_. 
    649649 
     650SESSION_COOKIE_SECURE 
     651--------------------- 
     652 
     653**New in Django development version** 
     654 
     655Default: ``False`` 
     656 
     657Whether to use a secure cookie for the session cookie. If this is set to 
     658``True``, the cookie will be marked as "secure," which means browsers may 
     659ensure that the cookie is only sent under an HTTPS connection. 
     660See the `session docs`_. 
     661 
    650662SESSION_EXPIRE_AT_BROWSER_CLOSE 
    651663-------------------------------