diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2006-08-12 06:02:28 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2006-08-12 06:02:28 +0000 |
| commit | 45be33a6327bccae60319982254ee62f65bea11e (patch) | |
| tree | 928cc9428dc0e1de30fe93845c2bd09e29f66f88 | |
| parent | 20070d9117d8014aefe69539f976951009b59bd9 (diff) | |
| download | django-45be33a6327bccae60319982254ee62f65bea11e.tar.gz | |
Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/conf/global_settings.py | 1 | ||||
| -rw-r--r-- | django/contrib/sessions/middleware.py | 3 | ||||
| -rw-r--r-- | docs/sessions.txt | 11 | ||||
| -rw-r--r-- | docs/settings.txt | 12 |
4 files changed, 26 insertions, 1 deletions
diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py index a00e2ba4eb..4ea694d064 100644 --- a/django/conf/global_settings.py +++ b/django/conf/global_settings.py @@ -252,6 +252,7 @@ MIDDLEWARE_CLASSES = ( SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can be whatever you want. SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks). SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie. +SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only). SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request. SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser. diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py index dde4f1a6c0..2337ad8a61 100644 --- a/django/contrib/sessions/middleware.py +++ b/django/contrib/sessions/middleware.py @@ -88,5 +88,6 @@ class SessionMiddleware(object): new_session = Session.objects.save(session_key, request.session._session, datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE)) response.set_cookie(settings.SESSION_COOKIE_NAME, session_key, - max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN) + max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, + secure=settings.SESSION_COOKIE_SECURE or None) return response diff --git a/docs/sessions.txt b/docs/sessions.txt index c473d0a3db..d39f42c3bf 100644 --- a/docs/sessions.txt +++ b/docs/sessions.txt @@ -245,6 +245,17 @@ Default: ``'sessionid'`` The name of the cookie to use for sessions. This can be whatever you want. +SESSION_COOKIE_SECURE +--------------------- + +**New in Django development version** + +Default: ``False`` + +Whether to use a secure cookie for the session cookie. If this is set to +``True``, the cookie will be marked as "secure," which means browsers may +ensure that the cookie is only sent under an HTTPS connection. + SESSION_EXPIRE_AT_BROWSER_CLOSE ------------------------------- diff --git a/docs/settings.txt b/docs/settings.txt index 099196e56e..67e0498e1a 100644 --- a/docs/settings.txt +++ b/docs/settings.txt @@ -647,6 +647,18 @@ Default: ``'sessionid'`` The name of the cookie to use for sessions. This can be whatever you want. See the `session docs`_. +SESSION_COOKIE_SECURE +--------------------- + +**New in Django development version** + +Default: ``False`` + +Whether to use a secure cookie for the session cookie. If this is set to +``True``, the cookie will be marked as "secure," which means browsers may +ensure that the cookie is only sent under an HTTPS connection. +See the `session docs`_. + SESSION_EXPIRE_AT_BROWSER_CLOSE ------------------------------- |