csrftoken cookie not being sent over SSL
| Reported by: | burhan | Owned by: | nobody |
| Severity: | | Keywords: | csrf ssl https |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
The SESSION_COOKIE_SECURE setting is not being used for the csrftoken, causing it to be sent over HTTP. I believe this is the reason why I keep getting 'Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again.' errors when trying to log in on the Django admin.
django-jython 1.1.2 (against Oracle backend)
Note: no other servers are being used; GlassFish is exclusively for Django use (so no PHP mhash problems).
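
A way to check the behaviour reported above, added here as an example and not part of the ticket or of Django's code: it parses the Set-Cookie headers of a login response and reports which of the session and CSRF cookies lack the Secure attribute. The header values are constructed samples, the function names are hypothetical, and "sessionid" is assumed to be the session cookie name (Django's default).

```python
from http.cookies import SimpleCookie

# Cookie names to audit: "csrftoken" is the cookie named in this ticket,
# "sessionid" is assumed to be the session cookie name (Django's default).
WATCHED = ("sessionid", "csrftoken")


def cookie_flags(set_cookie_headers):
    """Map each cookie name to its Secure/HttpOnly flags.

    `set_cookie_headers` is a list of raw Set-Cookie header values,
    one string per header, as captured from a single HTTP response.
    """
    flags = {}
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            flags[name] = {
                # Flag attributes are "" when absent and True when present.
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
            }
    return flags


def missing_secure(set_cookie_headers, watched=WATCHED):
    """Return the watched cookies that were set without Secure, sorted."""
    flags = cookie_flags(set_cookie_headers)
    return sorted(n for n in watched if n in flags and not flags[n]["secure"])


# Constructed sample: headers as the ticket describes them, with the
# session cookie marked Secure and the CSRF cookie not.
SAMPLE_HEADERS = [
    "sessionid=0123456789abcdef; Path=/; Secure; HttpOnly",
    "csrftoken=fedcba9876543210; Max-Age=31449600; Path=/",
]

if __name__ == "__main__":
    for name in missing_secure(SAMPLE_HEADERS):
        print(f"{name}: set without Secure, will also be sent over plain HTTP")
```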