
Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de

git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 45be33a6327bccae60319982254ee62f65bea11e 1 parent 20070d9
Adrian Holovaty authored August 12, 2006
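--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -252,6 +252,7 @@
 SESSION_COOKIE_NAME = 'sessionid'         # Cookie name. This can be whatever you want.
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
 SESSION_COOKIE_DOMAIN = None              # A string like ".lawrence.com", or None for standard domain cookie.
+SESSION_COOKIE_SECURE = False             # Whether the session cookie should be secure (https:// only).
 SESSION_SAVE_EVERY_REQUEST = False        # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False   # Whether sessions expire when a user closes his browser.
 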
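Review bot: The inline comment on the added `SESSION_COOKIE_SECURE = False` line does not say what the default leaves exposed: with False the browser will also send the session cookie over plain HTTP, where the session key is readable on the network path. I would extend the comment to something like `# Whether to mark the session cookie "secure" (sent over HTTPS only); set to True on HTTPS-only sites.` Keeping False as the default looks like a backward-compatibility choice, and saying so next to the setting would stop readers from taking it as the recommended value.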
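--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -88,5 +88,6 @@ def process_response(self, request, response):
                 new_session = Session.objects.save(session_key, request.session._session,
                     datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
                 response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
-                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
+                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                    secure=settings.SESSION_COOKIE_SECURE or None)
         return response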
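Review bot: The added `secure=settings.SESSION_COOKIE_SECURE or None` argument has no comment explaining why a false setting is turned into None rather than passed as False; presumably set_cookie emits only the attributes that are not None, but that function is outside this hunk and should be confirmed. I would add `# None rather than False, so the attribute is left out of the Set-Cookie header` above the call. Separately, the flag only tells the browser when to send the cookie back: nothing in the visible lines checks the request scheme, so with the setting on, a response served over plain HTTP still carries the session key in its Set-Cookie header. A short note in the method's comments or the session docs that HTTP traffic has to be redirected to HTTPS for the setting to protect the session would close that gap. process_response starts above the hunk, so any scheme check earlier in the function is not visible here.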
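--- a/docs/sessions.txt
+++ b/docs/sessions.txt
@@ -245,6 +245,17 @@ Default: ``'sessionid'``
 
 The name of the cookie to use for sessions. This can be whatever you want.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------
 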
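--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -647,6 +647,18 @@ Default: ``'sessionid'``
 The name of the cookie to use for sessions. This can be whatever you want.
 See the `session docs`_.
 
+SESSION_COOKIE_SECURE
+---------------------
+
+**New in Django development version**
+
+Default: ``False``
+
+Whether to use a secure cookie for the session cookie. If this is set to
+``True``, the cookie will be marked as "secure," which means browsers may
+ensure that the cookie is only sent under an HTTPS connection.
+See the `session docs`_.
+
 SESSION_EXPIRE_AT_BROWSER_CLOSE
 -------------------------------
 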
