#17766: Clarify impact of HttpOnly flag for JS access to session cookie
--------------------------------------+--------------------
     Reporter:  ptone                 |      Owner:  nobody
         Type:  Cleanup/optimization  |     Status:  new
    Component:  Documentation         |    Version:  SVN
     Severity:  Normal                |   Keywords:
 Triage Stage:  Unreviewed            |  Has patch:  1
Easy pickings:  0                     |      UI/UX:  0
--------------------------------------+--------------------
 https://github.com/django/django/pull/115

 This change impacts anyone accessing the session data from JavaScript, for
 example, when relaying the session ID into a querystring in the case of
 Flash uploading tools. I'm not opening a debate on whether this is proper
 to do or not, just that it will help people understand possible impacts of
 this change when using other people's code that may do this (as happened
 to me).

-- 
Ticket URL: <https://code.djangoproject.com/ticket/17766>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
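
Added example (not part of the ticket or of Django's code): a small JavaScript model of which cookies a page script can read through document.cookie once the session cookie carries HttpOnly. The header lines and cookie values are constructed; sessionid and csrftoken are Django's default cookie names, and the flag on the session cookie is controlled by the SESSION_COOKIE_HTTPONLY setting.

```javascript
// Models the script-visible cookie view; not browser or Django code.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // no usable name=value pair: skipped in this model
  const attrs = parts.slice(1).map((p) => p.split("=")[0].trim().toLowerCase());
  return {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(),
    httpOnly: attrs.includes("httponly"), // attribute names are case-insensitive
  };
}

// Build the string document.cookie would return: HttpOnly cookies are omitted,
// although the browser still sends them back to the server on each request.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// What client code that depends on the cookie does: look it up by name.
function readCookie(cookieString, name) {
  for (const pair of cookieString.split("; ")) {
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq) === name) return pair.slice(eq + 1);
  }
  return null;
}

// Constructed responses: the session cookie without and with HttpOnly.
const withoutFlag = ["sessionid=abc123; Path=/", "csrftoken=tok456; Path=/"];
const withFlag = ["sessionid=abc123; HttpOnly; Path=/", "csrftoken=tok456; Path=/"];

function demo() {
  return {
    before: readCookie(scriptVisibleCookies(withoutFlag), "sessionid"),
    after: readCookie(scriptVisibleCookies(withFlag), "sessionid"),
    csrfAfter: readCookie(scriptVisibleCookies(withFlag), "csrftoken"),
  };
}
console.log(demo());
```

Client code that gets null here is depending on script access to the session cookie, which is the impact the ticket asks the documentation to spell out.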
