#3304: [patch] Support "httponly"-attribute in session cookie.
-------------------------------------+--------------------------------------
Reporter: arvin | Owner: nobody
Status: new | Milestone:
Component: Core framework | Version: SVN
Resolution: | Keywords: session security
Stage: Accepted | Has_patch: 1
Needs_docs: 0 | Needs_tests: 1
Needs_better_patch: 0 |
-------------------------------------+--------------------------------------
Changes (by russellm):
* component: Contrib apps => Core framework
* stage: Someday/Maybe => Accepted
Comment:
@jsocol: This can't get onto the 1.2.X branch, because that branch is in
support mode, and this would represent a new feature. However, it can be
considered for inclusion in trunk, which will become 1.3.
The landscape seems to have changed a bit since Jacob "someday/maybe"d
this three years ago; I'm happy to push this to accepted now, based on the
existence of native Python support, and the
[http://www.owasp.org/index.php/HttpOnly apparent level of browser
support].
As the ticket metadata indicates, the patch also requires tests. This is
particularly important since we're introducing a workaround for Python 2.5
and previous.
--
Ticket URL: <http://code.djangoproject.com/ticket/3304#comment:26>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
