Ticket #3304: httponly_docs.patch

File httponly_docs.patch, 2.6 KB (added by cephelo@…, 8 years ago)

HttpOnly cookie docs

  • request_response.txt

     
    364364    Returns ``True`` or ``False`` based on a case-insensitive check for a
    365365    header with the given name.
    366366
    367 ``set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None)``
     367``set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=None)``
    368368    Sets a cookie. The parameters are the same as in the `cookie Morsel`_
    369     object in the Python standard library.
     369    object in the Python standard library, aside from ``httponly``.
    370370
    371371        * ``max_age`` should be a number of seconds, or ``None`` (default) if
    372372          the cookie should last only as long as the client's browser session.
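
Review bot: On new line 369, "aside from ``httponly``" does not say in what way the parameter differs from the Morsel ones, so the reader cannot tell whether it is unsupported, extra, or behaves differently. Suggest wording along the lines of "object in the Python standard library, plus ``httponly``, which is described below."
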
     
    377377          the domains www.lawrence.com, blogs.lawrence.com and
    378378          calendars.lawrence.com. Otherwise, a cookie will only be readable by
    379379          the domain that set it.
     380        * Use ``httponly`` set to ``True`` to set non-standard HttpOnly Cookie
     381          flag to disallow access to this cookie via JavaScript. Not all browsers
     382          honor this flag. See the `session docs`_.
    380383
     384    .. _session docs: ../sessions/
    381385    .. _`cookie Morsel`: http://www.python.org/doc/current/lib/morsel-objects.html
    382386
    383387``delete_cookie(key, path='/', domain=None)``
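
Review bot: The bullet on new lines 380-382 only describes ``True``, while the signature defaults to ``httponly=None``; state that the flag is omitted by default. "Not all browsers honor this flag" should also spell out the consequence, namely that in those browsers the cookie stays readable from script, so the flag cannot be the only protection for the cookie. Wording nit: "to set the non-standard HttpOnly cookie flag".
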
  • sessions.txt

     
    288288(default), then the session data will only be saved if it has been modified --
    289289that is, if any of its dictionary values have been assigned or deleted.
    290290
     291SESSION_HTTP_ONLY
     292-----------------
     293
     294Default: ``False``
     295
     296Whether to use the non-standard HttpOnly Cookie flag. Some browsers, notably
     297Internet Explorer and upcoming Firefox 3, allow cookies to be sent as HTTP-only.
     298These cookies cannot be read using JavaScript, minimizing cross-site scripting
     299attacks for user agents that support it.
     300
    291301.. _Django settings: ../settings/
    292302
    293303Technical details
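
Review bot: "minimizing cross-site scripting attacks" on new lines 298-299 overstates what the flag does. As the same sentence says, it only stops JavaScript from reading the cookie, so it limits theft of the session cookie through an XSS hole; it does not reduce XSS itself. Suggest "These cookies cannot be read using JavaScript, which limits theft of the session cookie through cross-site scripting in user agents that support it." Also, "upcoming Firefox 3" on new line 297 will date quickly; name the version without "upcoming".
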
  • settings.txt

     
    736736
    737737Whether to save the session data on every request. See the `session docs`_.
    738738
     739SESSION_HTTP_ONLY
     740-----------------
     741
     742Default: ``False``
     743
     744Whether to use the non-standard HttOnly Cookie flag. See the `session docs`_.
     745
    739746SITE_ID
    740747-------
    741748
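
Review bot: Typo on new line 744, "HttOnly" should be "HttpOnly", matching the spelling used in sessions.txt and request_response.txt. Since this entry defers to the session docs, it would also help to repeat here in one clause what the flag does (the cookie cannot be read using JavaScript) so the settings reference is usable on its own.
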