#3304: Support "httponly"-attribute in session cookie.
----------------------------+-----------------------------------------------
Reporter: arvin | Owner: adrian
Type: enhancement | Status: new
Priority: normal | Milestone: Version 1.0
Component: Core framework | Version: SVN
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by Simon Willison):
I've always wondered if there's a downside to doing this - it seems like a
great idea, but you rarely see sites actually doing it. It should
definitely be possible to do this from Django, but I'd like confirmation
that it doesn't break things for some browsers / proxies / what have you
before recommending it be turned on by default. As far as I can tell it
breaks the cookie spec (if such a thing exists).
--
Ticket URL: <http://code.djangoproject.com/ticket/3304#comment:>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django
updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
