Ticket #3304: django_p26_patch.diff

File django_p26_patch.diff, 2.5 KB (added by rodolfo, 6 years ago)

Patch to add "httponly" support on Python 2.6 (on 2.5 it has no effect, but raises no error). Docs are the same as those attached by cephelo.

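--- a/http/__init__.py
+++ b/http/__init__.py
@@ -342,7 +342,7 @@
         return self._headers.get(header.lower(), (None, alternate))[1]
 
     def set_cookie(self, key, value='', max_age=None, expires=None, path='/',
-                   domain=None, secure=False):
+                   domain=None, secure=False, httponly=None):
         self.cookies[key] = value
         if max_age is not None:
             self.cookies[key]['max-age'] = max_age
@@ -354,6 +354,8 @@
             self.cookies[key]['domain'] = domain
         if secure:
             self.cookies[key]['secure'] = True
+        if httponly and self.cookies[key].has_key('httponly'):#python 2.6 only
+            self.cookies[key]['httponly'] = True
 
     def delete_cookie(self, key, path='/', domain=None):
         self.set_cookie(key, max_age=0, path=path, domain=domain,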
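Review bot: The new guard in `set_cookie` fails open: when `httponly` is requested but the cookie morsel has no `httponly` key (which the description says is the case on Python 2.5), the flag is dropped with no error or warning, so a deployment can believe its cookies are hidden from client-side script when they are not. Consider surfacing the requested-but-unsupported case, for example with a branch that calls `warnings.warn("httponly cookie attribute is not supported by this Python version; cookie set without it")`, and state the limitation where the parameter is documented. The check itself could be written `'httponly' in self.cookies[key]` instead of `has_key`, and a default of `httponly=False` would match `secure=False` on the same signature. The body of `set_cookie` continues between the two hunks, outside what is shown here.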
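--- a/conf/global_settings.py
+++ b/conf/global_settings.py
@@ -316,6 +316,7 @@
 SESSION_COOKIE_PATH = '/'                               # The path of the session cookie.
 SESSION_SAVE_EVERY_REQUEST = False                      # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False                 # Whether a user's session cookie expires when the Web browser is closed.
+SESSION_HTTP_ONLY = False                 # Whether to use the non-RFC standard httpOnly flag (IE, FF3+, others)
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # The module to store session data
 SESSION_FILE_PATH = None                                # Directory to store session files if using the file session module. If None, the backend will use a sensible default.
 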
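Review bot: `SESSION_HTTP_ONLY` defaults to `False`, so the session cookie stays readable from page script unless every project opts in. The session identifier is the cookie this flag is most useful for, so a default of `True` (with a release note for sites whose scripts read the cookie) is worth considering. The name also breaks the `SESSION_COOKIE_*` pattern of the neighbouring settings; `SESSION_COOKIE_HTTPONLY = False` would sit naturally beside `SESSION_COOKIE_SECURE`. The inline comment could say what the flag does and when it applies, e.g. `# Whether to mark the session cookie HttpOnly (hidden from client-side script; needs Python 2.6+).`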
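--- a/contrib/sessions/middleware.py
+++ b/contrib/sessions/middleware.py
@@ -38,5 +38,6 @@
                         request.session.session_key, max_age=max_age,
                         expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                         path=settings.SESSION_COOKIE_PATH,
-                        secure=settings.SESSION_COOKIE_SECURE or None)
+                        secure=settings.SESSION_COOKIE_SECURE or None,
+                        httponly=settings.SESSION_HTTP_ONLY or None)
         return response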