Author: adrian
Date: 2006-08-12 01:02:28 -0500 (Sat, 12 Aug 2006)
New Revision: 3570
Modified:
django/trunk/django/conf/global_settings.py
django/trunk/django/contrib/sessions/middleware.py
django/trunk/docs/sessions.txt
django/trunk/docs/settings.txt
Log:
Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, [EMAIL PROTECTED]
Modified: django/trunk/django/conf/global_settings.py
===================================================================
--- django/trunk/django/conf/global_settings.py 2006-08-12 05:55:28 UTC (rev
3569)
+++ django/trunk/django/conf/global_settings.py 2006-08-12 06:02:28 UTC (rev
3570)
@@ -252,6 +252,7 @@
SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can be whatever
you want.
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds
(default: 2 weeks).
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or
None for standard domain cookie.
+SESSION_COOKIE_SECURE = False # Whether the session cookie should
be secure (https:// only).
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data
on every request.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a
user closes his browser.
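Review bot: The comment on the new `SESSION_COOKIE_SECURE = False` line says what the flag does but not what the default means for a deployment. With False the session cookie carries no secure attribute, so a browser will also send it over plain HTTP, where the session key can be read in transit. I would extend the comment, e.g. `# Whether the session cookie should be secure (https:// only). Set to True when the site is served only over HTTPS.` The reverse case deserves a mention as well: with True on a site reached over plain HTTP the browser will not send the cookie back, so sessions will appear not to persist.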
Modified: django/trunk/django/contrib/sessions/middleware.py
===================================================================
--- django/trunk/django/contrib/sessions/middleware.py 2006-08-12 05:55:28 UTC
(rev 3569)
+++ django/trunk/django/contrib/sessions/middleware.py 2006-08-12 06:02:28 UTC
(rev 3570)
@@ -88,5 +88,6 @@
new_session = Session.objects.save(session_key,
request.session._session,
datetime.datetime.now() +
datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
- max_age=max_age, expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN)
+ max_age=max_age, expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
+ secure=settings.SESSION_COOKIE_SECURE or None)
return response
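Review bot: `secure=settings.SESSION_COOKIE_SECURE or None` turns a False setting into None without saying why, so a later cleanup could easily "simplify" it to pass the setting directly. Presumably set_cookie skips only attributes that are None, in which case passing False could still emit the secure attribute; that code is not visible in this hunk and is worth confirming. A one-line comment above the call would protect the idiom: `# None, not False, so the secure attribute is left out of the cookie when the setting is off`. The enclosing method starts above the hunk.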
Modified: django/trunk/docs/sessions.txt
===================================================================
--- django/trunk/docs/sessions.txt 2006-08-12 05:55:28 UTC (rev 3569)
+++ django/trunk/docs/sessions.txt 2006-08-12 06:02:28 UTC (rev 3570)
@@ -245,6 +245,17 @@
The name of the cookie to use for sessions. This can be whatever you want.
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+
SESSION_EXPIRE_AT_BROWSER_CLOSE
-------------------------------
Modified: django/trunk/docs/settings.txt
===================================================================
--- django/trunk/docs/settings.txt 2006-08-12 05:55:28 UTC (rev 3569)
+++ django/trunk/docs/settings.txt 2006-08-12 06:02:28 UTC (rev 3570)
@@ -647,6 +647,18 @@
The name of the cookie to use for sessions. This can be whatever you want.
See the `session docs`_.
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+See the `session docs`_.
+
SESSION_EXPIRE_AT_BROWSER_CLOSE
-------------------------------