Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Improve cookie based session backend docs.

Note the don't require sessions to be in installed apps.
  • Loading branch information...
commit d9c01da1f8ba3d4e0947fd1d619c8f4a9b013360 1 parent 2d0e36a
@mjtamlyn mjtamlyn authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 docs/topics/http/sessions.txt
View
7 docs/topics/http/sessions.txt
@@ -120,6 +120,13 @@ and the :setting:`SECRET_KEY` setting.
.. note::
+ When using cookies-based sessions :mod:`django.contrib.sessions` can be
+ removed from :setting:`INSTALLED_APPS` setting because data is loaded
+ from the key itself and not from the database, so there is no need for the
+ creation and usage of ``django.contrib.sessions.models.Session`` table.
+
+.. note::
+
It's recommended to leave the :setting:`SESSION_COOKIE_HTTPONLY` setting
``True`` to prevent tampering of the stored data from JavaScript.
Please sign in to comment.
Something went wrong with that request. Please try again.