summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2012-04-01 17:17:21 +0000
committerClaude Paroz <claude@2xlibre.net>2012-04-01 17:17:21 +0000
commit456d4db251ac8b04f10d7f09eb711f5cc9a73e8d (patch)
tree44989218acc5bf6dbd80e28b1b3c945a47beb739 /docs
parentaafa73db546683edbaefdd17859f2722349e9373 (diff)
[1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
Backport of r17862 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.4.X@17863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt5
1 files changed, 4 insertions, 1 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index c06ef1ad3f..1dabdaeb10 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`.
SESSION_COOKIE_HTTPONLY
-----------------------
-Default: ``False``
+Default: ``True``
Whether to use HTTPOnly flag on the session cookie. If this is set to
``True``, client-side JavaScript will not to be able to access the
@@ -1725,6 +1725,9 @@ protected cookie data.
.. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly
+.. versionchanged:: 1.4
+ The default value of the setting was changed from ``False`` to ``True``.
+
.. setting:: SESSION_COOKIE_NAME
SESSION_COOKIE_NAME