#6657: HttpResponse.set_cookie(secure=False) still sets secure cookies
-----------------------+----------------------------------------------------
Reporter:  Gulopine    |       Owner:  nobody       
  Status:  new         |   Component:  HTTP handling
 Version:  SVN         |    Keywords:               
   Stage:  Unreviewed  |   Has_patch:  1            
-----------------------+----------------------------------------------------
 Currently, `set_cookie()` sets the `secure` attribute on the outgoing
 cookie if it's anything other than `None`, but since the `secure`
 attribute on cookies doesn't actually use a value, it gets sent out as
 secure any time ''any'' value is set on the cookie. This means that using
 `secure=False` results in a secure cookie. While it's still possible to
 set a non-secure cookie by simply omitting the `secure` argument entirely,
 the current behavior seems counter-intuitive.

 {{{
 #!python
 >>> from django.http import HttpResponse
 >>> response = HttpResponse()
 >>> response.set_cookie('a')
 >>> response.set_cookie('b', secure=False)
 >>> response.set_cookie('c', secure=True)
 >>> print response.cookies
 Set-Cookie: a=; Path=/
 Set-Cookie: b=; Path=/; secure
 Set-Cookie: c=; Path=/; secure
 }}}

-- 
Ticket URL: <http://code.djangoproject.com/ticket/6657>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
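
Added example (not part of the ticket and not Django's code): a minimal model of the logic the description reports, next to one possible correction (an assumption, not the attached patch), plus a checker that inspects `Set-Cookie` lines for the flag. The names `render_cookie`, `has_secure_flag` and `audit` are hypothetical.

```python
# Illustrative model only; render_cookie() is a hypothetical stand-in,
# not Django's HttpResponse.set_cookie().

def render_cookie(name, value="", path="/", secure=None, fixed=False):
    """Build one Set-Cookie header line.

    fixed=False models the reported logic: the flag is stored whenever the
    argument is anything other than None, and a stored flag is always emitted.
    fixed=True (assumed correction) stores the flag only for a truthy argument.
    """
    attrs = {"Path": path}
    store_flag = bool(secure) if fixed else secure is not None
    if store_flag:
        attrs["secure"] = secure
    parts = ["%s=%s" % (name, value)]
    for key, val in attrs.items():
        # 'secure' carries no value: its presence alone marks the cookie.
        parts.append(key if key == "secure" else "%s=%s" % (key, val))
    return "Set-Cookie: " + "; ".join(parts)


def has_secure_flag(header_line):
    """Return True if a Set-Cookie line carries the secure attribute."""
    _, _, rest = header_line.partition(":")
    # Skip the leading name=value pair; attribute names are case-insensitive.
    attrs = [p.strip().lower() for p in rest.split(";")[1:]]
    return "secure" in attrs


def audit(fixed):
    """Map each cookie from the ticket's session to whether it is flagged."""
    cases = {"a": None, "b": False, "c": True}  # same calls as the ticket
    return {
        name: has_secure_flag(render_cookie(name, secure=arg, fixed=fixed))
        for name, arg in cases.items()
    }


if __name__ == "__main__":
    print("reported logic:", audit(fixed=False))
    print("truthiness check:", audit(fixed=True))
```

`has_secure_flag` works on any captured `Set-Cookie` line, so the same check can be pointed at real response headers in a regression test.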