#3304: Support "httponly"-attribute in session cookie.
----------------------------+-----------------------------------------------
Reporter: arvin | Owner: adrian
Type: enhancement | Status: new
Priority: normal | Milestone: Version 1.0
Component: Core framework | Version: SVN
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
The cookie used for the session id should get the "httponly"-attribute to
mitigate XSS.
See
[http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp].
--
Ticket URL: <http://code.djangoproject.com/ticket/3304>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
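
Added example, not part of the ticket or of Django's code: a check a tester could run over captured Set-Cookie response headers to confirm the session cookie carries the attribute the ticket asks for. The cookie name "sessionid" and the sample headers are assumptions constructed for illustration.

```python
# Audit Set-Cookie header values for a session cookie sent without HttpOnly.
# SESSION_COOKIE is an assumption: adjust it to the name the site really uses.
SESSION_COOKIE = "sessionid"


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attrs).

    Attribute names are lower-cased because they are case-insensitive;
    valueless flags such as HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_headers, names=(SESSION_COOKIE,)):
    """Return the names of the listed cookies that are set without HttpOnly."""
    missing = []
    for header in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(header)
        # Look at parsed attributes only: a substring search on the raw
        # header would be fooled by a cookie *value* containing "httponly".
        if name in names and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample headers (not captured from a real site).
SAMPLE_WITHOUT = [
    "sessionid=3f2a9c0d; expires=Wed, 21-Feb-2007 10:00:00 GMT; Path=/",
    "theme=dark; Path=/",
]
SAMPLE_WITH = [
    "sessionid=3f2a9c0d; expires=Wed, 21-Feb-2007 10:00:00 GMT; Path=/; HttpOnly",
    "theme=dark; Path=/",
]

if __name__ == "__main__":
    print("without attribute:", cookies_missing_httponly(SAMPLE_WITHOUT))
    print("with attribute:   ", cookies_missing_httponly(SAMPLE_WITH))
```

Cookies other than the session cookie are ignored unless their names are passed in `names`.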