diff options
| author | Claude Paroz <claude@2xlibre.net> | 2012-04-01 17:13:55 +0000 |
|---|---|---|
| committer | Claude Paroz <claude@2xlibre.net> | 2012-04-01 17:13:55 +0000 |
| commit | cb2fafe57443ff499e992f6b166b6097bdb54907 (patch) | |
| tree | 7ecb19714aacdcd6a1c810af5ddbd883bd9fcfb4 /docs | |
| parent | b41ebcf1b9454bf0905c69594fa2dd1af19e7a60 (diff) | |
Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/settings.txt | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index a1a0c76470..7b5c3633c6 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`. SESSION_COOKIE_HTTPONLY ----------------------- -Default: ``False`` +Default: ``True`` Whether to use HTTPOnly flag on the session cookie. If this is set to ``True``, client-side JavaScript will not to be able to access the @@ -1725,6 +1725,9 @@ protected cookie data. .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly +.. versionchanged:: 1.4 + The default value of the setting was changed from ``False`` to ``True``. + .. setting:: SESSION_COOKIE_NAME SESSION_COOKIE_NAME |
