Fixed #4724 -- Added support for configurable session cookie paths. Helps with
multiple Django installs under the same hostname. Thanks, frej and Graham
Dumpleton.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit e172e7be57af5ecdddf7c80361eed27d4658a9cd 1 parent 1a1a397
@malcolmt malcolmt authored
1  django/conf/global_settings.py
@@ -275,6 +275,7 @@
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only).
+SESSION_COOKIE_PATH = '/' # The path of the session cookie.
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
SESSION_ENGINE = 'django.contrib.sessions.backends.db' # The module to store session data
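Review bot: The inline comment on the new `SESSION_COOKIE_PATH = '/'` line says less than its neighbours do and gives no hint of what value to use. Suggest something like `# The path of the session cookie; should match the URL prefix of this Django install.` so that global_settings.py agrees with the docs/settings.txt entry added in the same commit.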
12 django/contrib/sessions/middleware.py
@@ -31,7 +31,7 @@ def process_response(self, request, response):
else:
max_age = settings.SESSION_COOKIE_AGE
rfcdate = formatdate(time.time() + settings.SESSION_COOKIE_AGE)
-
+
# Fixed length date must have '-' separation in the format
# DD-MMM-YYYY for compliance with Netscape cookie standard
expires = datetime.datetime.strftime(datetime.datetime.utcnow() + \
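Review bot: The only change in this hunk is the blank line before the `# Fixed length date` comment, removed and re-added with different whitespace, which is unrelated to the cookie path. Consider dropping it or moving whitespace cleanup into its own commit so the functional change to `process_response` is easier to audit.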
@@ -39,8 +39,10 @@ def process_response(self, request, response):
# Save the seesion data and refresh the client cookie.
request.session.save()
- response.set_cookie(settings.SESSION_COOKIE_NAME, request.session.session_key,
- max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
- secure=settings.SESSION_COOKIE_SECURE or None)
-
+ response.set_cookie(settings.SESSION_COOKIE_NAME,
+ request.session.session_key, max_age=max_age,
+ expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+ path=settings.SESSION_COOKIE_PATH,
+ secure=settings.SESSION_COOKIE_SECURE or None)
+
return response
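Review bot: `path=settings.SESSION_COOKIE_PATH` is applied only where the cookie is set, and nothing in this commit tests it. A browser treats cookies with the same name but different paths as separate cookies, so any code that clears or replaces the session cookie has to pass the same `path` (and `domain`) or the old cookie stays behind; it is worth checking the other places that use `settings.SESSION_COOKIE_NAME` and adding a test that asserts the `path` attribute on the response cookie. The context comment `# Save the seesion data` also still carries the "seesion" typo and could be fixed while this call is being rewrapped.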
22 docs/settings.txt
@@ -475,7 +475,7 @@ FIXTURE_DIRS
Default: ``()`` (Empty tuple)
List of locations of the fixture data files, in search order. Note that
-these paths should use Unix-style forward slashes, even on Windows. See
+these paths should use Unix-style forward slashes, even on Windows. See
`Testing Django Applications`_.
.. _Testing Django Applications: ../testing/
@@ -731,8 +731,8 @@ SERIALIZATION_MODULES
Default: Not defined.
-A dictionary of modules containing serializer definitions (provided as
-strings), keyed by a string identifier for that serialization type. For
+A dictionary of modules containing serializer definitions (provided as
+strings), keyed by a string identifier for that serialization type. For
example, to define a YAML serializer, use::
SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' }
@@ -754,10 +754,10 @@ Default: ``django.contrib.sessions.backends.db``
Controls where Django stores session data. Valid values are:
- * ``'django.contrib.sessions.backends.db'``
- * ``'django.contrib.sessions.backends.file'``
+ * ``'django.contrib.sessions.backends.db'``
+ * ``'django.contrib.sessions.backends.file'``
* ``'django.contrib.sessions.backends.cache'``
-
+
See the `session docs`_ for more details.
SESSION_COOKIE_AGE
@@ -784,6 +784,16 @@ Default: ``'sessionid'``
The name of the cookie to use for sessions. This can be whatever you want.
See the `session docs`_.
+SESSION_COOKIE_PATH
+-------------------
+
+Default: ``'/'``
+
+The path set on the session cookie. Should match the URL path of your Django
+installation (or be parent of that path). This is useful if you have multiple
+Django instances running under the same hostname; they can use different
+cookie paths and each instance will only see its own session cookie.
+
SESSION_COOKIE_SECURE
---------------------
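Review bot: The last sentence of the new SESSION_COOKIE_PATH entry, "each instance will only see its own session cookie", reads as an isolation guarantee that a cookie path does not give. The path only controls which requests the browser attaches the cookie to; pages served from another path on the same hostname share an origin, so this setting should not be relied on to separate instances that do not trust each other. Suggest describing it as a way to avoid cookie collisions between installs, mentioning that the cookie name still defaults to ``'sessionid'`` for every instance, and changing "or be parent of that path" to "or be a parent of that path".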