id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24153	Python change in casing of Cookie HttpOnly attribute broke some tests	Jon Dufresne	nobody	"See http://tools.ietf.org/html/rfc6265#section-5.2.6

Relevant section:

> 5.2.6. The HttpOnly Attribute
>
> If the attribute-name case-insensitively matches the string ""HttpOnly"", the user agent MUST append an attribute to the cookie- attribute-list with an attribute-name of HttpOnly and an empty attribute-value.
> 
> ...
>
> If the cookie-attribute-list contains an attribute with an attribute-name of ""HttpOnly"", set the cookie's http-only-flag to true.  Otherwise, set the cookie's http-only-flag to false.
Django creates this attribute as `httponly` not `HttpOnly`.

It is true, this attribute is case insensitive when interpreted by the user agent, but it seems odd to me that Django would go out of its way to purposely use different case then stated in the standard. When looking at other web technologies, the case used in the standard is most typical. The examples in the standard also use the `HttpOnly` style.

PR to follow."	Cleanup/optimization	closed	HTTP handling	dev	Normal	fixed		cmawebsite@…	Ready for checkin	1	0	0	0	0	0