diff options
Diffstat (limited to 'django/http/response.py')
| -rw-r--r-- | django/http/response.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/django/http/response.py b/django/http/response.py index 76d731d53f..b6f29cc056 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -205,8 +205,13 @@ class HttpResponseBase: return self.set_cookie(key, value, **kwargs) def delete_cookie(self, key, path='/', domain=None): - self.set_cookie(key, max_age=0, path=path, domain=domain, - expires='Thu, 01 Jan 1970 00:00:00 GMT') + # Most browsers ignore the Set-Cookie header if the cookie name starts + # with __Host- or __Secure- and the cookie doesn't use the secure flag. + secure = key.startswith(('__Secure-', '__Host-')) + self.set_cookie( + key, max_age=0, path=path, domain=domain, secure=secure, + expires='Thu, 01 Jan 1970 00:00:00 GMT', + ) # Common methods used by subclasses |