Diffstat (limited to 'docs/topics/http')
-rw-r--r-- docs/topics/http/sessions.txt 14
1 files changed, 10 insertions, 4 deletions
diff --git a/docs/topics/http/sessions.txt b/docs/topics/http/sessions.txt
index 85431b5b1c..f261a27f24 100644
--- a/docs/topics/http/sessions.txt
+++ b/docs/topics/http/sessions.txt
@@ -226,12 +226,18 @@ You can edit it multiple times.
.. method:: flush()
- Delete the current session data from the session and regenerate the
- session key value that is sent back to the user in the cookie. This is
- used if you want to ensure that the previous session data can't be
- accessed again from the user's browser (for example, the
+ Deletes the current session data from the session and deletes the session
+ cookie. This is used if you want to ensure that the previous session data
+ can't be accessed again from the user's browser (for example, the
:func:`django.contrib.auth.logout()` function calls it).
+ .. versionchanged:: 1.7.10
+
+ Deletion of the session cookie was added. Previously, the behavior
+ was to regenerate the session key value that was sent back to the
+ user in the cookie, but this could be a denial-of-service
+ vulnerability.
+
.. method:: set_test_cookie()
Sets a test cookie to determine whether the user's browser supports
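
Review bot: The versionchanged note under flush() says the old key regeneration "could be a denial-of-service vulnerability" but gives no mechanism, so a reader cannot tell whether their own code or session backend was exposed. Suggest adding one clause that says what the regenerated key caused, or a reference to the security release notes for 1.7.10. The rewritten description also drops any statement about the session key: the old text said it was regenerated, while the new text only says the cookie is deleted, so it is worth stating what callers that read the session key right after flush() should now expect. A minor wording point: "Deletes the current session data from the session and deletes the session cookie" repeats "session" three times and could be tightened to "Deletes the current session data and the session cookie".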