The default session sets httponly cookies as a security precaution to make it harder for cross-site scripting to get access to your session cookie. You can disable it if you need access to the session cookie by specifying the following config parameter:

web.config.session_parameters.httponly = False

-Justin

On Oct 4, 8:17 am, bm wrote:
> Hi.
>
> I have trouble with sessions working over an https connection.
>
> The code is:
>
> initializer = {'logged_in': False}
> web.config.session_parameters['cookie_name'] = 'adm_sess'
> web.config.session_parameters['cookie_domain'] = None
> web.config.session_parameters['timeout'] = 86400*30
> web.config.session_parameters['ignore_expiry'] = False
> web.config.session_parameters['ignore_change_ip'] = True
> web.config.session_parameters['secret_key'] = '****************'
> web.config.session_parameters['expired_message'] = 'Session expired'
> session = web.session.Session(app, web.session.DiskStore('/tmp/adm_sessions'), initializer=initializer)
>
> And here is what I get in the headers:
>
> HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Set-Cookie: adm_sess=10999fd5fc3e7c5be9a8e0c162eaa440f6d79742; Path=/; httponly
> Connection: close
> Date: Tue, 04 Oct 2011 15:16:02 GMT
> Server: localhost
> Transfer-Encoding: Identity
>
> Why does it send me an `httponly` parameter? What should I do to make it
> work?
>
> Thanks!
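
Added example, not part of the thread and not web.py code: a small standard-library auditor that reads a raw HTTP response and reports which session-cookie protections are missing. The function names and finding strings are assumptions made for this illustration; the sample response is the one quoted in the post, abridged.

```python
"""Audit Set-Cookie attributes in a raw HTTP response (added example)."""

# Response headers as quoted in the post, abridged to the relevant lines.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: adm_sess=10999fd5fc3e7c5be9a8e0c162eaa440f6d79742; Path=/; httponly\r\n"
    "Connection: close\r\n"
    "\r\n"
)

NO_HTTPONLY = "missing HttpOnly: cookie is readable from document.cookie"
NO_SECURE = "missing Secure: cookie is also sent over plain HTTP"


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, attrs); attribute names are lower-cased."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:  # skip empty segments such as a trailing ';'
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(raw, https=True):
    """Return {cookie_name: [findings]} for every Set-Cookie header in raw."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    findings = {}
    for line in head.split("\n")[1:]:  # [1:] skips the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        issues = []
        if "httponly" not in attrs:
            issues.append(NO_HTTPONLY)
        if https and "secure" not in attrs:
            issues.append(NO_SECURE)
        findings[name] = issues
    return findings


if __name__ == "__main__":
    for cookie, issues in audit_response(SAMPLE_RESPONSE).items():
        print(cookie, issues or ["ok"])
```

Run against the headers from the post, it passes the HttpOnly check and flags the missing Secure attribute, which matters because the site is served over HTTPS. In web.py that attribute is controlled by the `secure` session parameter, which defaults to False.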
