Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37

2 files changed, 23 insertions, 0 deletions

diff --git a/docs/sessions.txt b/docs/sessions.txt
index c473d0a3db..d39f42c3bf 100644
--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -245,6 +245,17 @@ Default: ``'sessionid'``
 
 The name of the cookie to use for sessions. This can be whatever you want.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------
 
diff --git a/docs/settings.txt b/docs/settings.txt
index 099196e56e..67e0498e1a 100644
--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -647,6 +647,18 @@ Default: ``'sessionid'``
 The name of the cookie to use for sessions. This can be whatever you want.
 See the `session docs`_.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+See the `session docs`_.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------