Fixed #2523 -- Added SESSION_COOKIE_SECURE setting. Thanks, mir@noris.de
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3570 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
20070d9117
commit
45be33a632
|
@ -252,6 +252,7 @@ MIDDLEWARE_CLASSES = (
|
||||||
SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can be whatever you want.
|
SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can be whatever you want.
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
|
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
|
||||||
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
|
SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
|
||||||
|
SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only).
|
||||||
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
|
SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
|
||||||
|
|
||||||
|
|
|
@ -88,5 +88,6 @@ class SessionMiddleware(object):
|
||||||
new_session = Session.objects.save(session_key, request.session._session,
|
new_session = Session.objects.save(session_key, request.session._session,
|
||||||
datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
|
datetime.datetime.now() + datetime.timedelta(seconds=settings.SESSION_COOKIE_AGE))
|
||||||
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
|
response.set_cookie(settings.SESSION_COOKIE_NAME, session_key,
|
||||||
max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN)
|
max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
|
||||||
|
secure=settings.SESSION_COOKIE_SECURE or None)
|
||||||
return response
|
return response
|
||||||
|
|
|
@ -245,6 +245,17 @@ Default: ``'sessionid'``
|
||||||
|
|
||||||
The name of the cookie to use for sessions. This can be whatever you want.
|
The name of the cookie to use for sessions. This can be whatever you want.
|
||||||
|
|
||||||
|
SESSION_COOKIE_SECURE
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
**New in Django development version**
|
||||||
|
|
||||||
|
Default: ``False``
|
||||||
|
|
||||||
|
Whether to use a secure cookie for the session cookie. If this is set to
|
||||||
|
``True``, the cookie will be marked as "secure," which means browsers may
|
||||||
|
ensure that the cookie is only sent under an HTTPS connection.
|
||||||
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||||
-------------------------------
|
-------------------------------
|
||||||
|
|
||||||
|
|
|
@ -647,6 +647,18 @@ Default: ``'sessionid'``
|
||||||
The name of the cookie to use for sessions. This can be whatever you want.
|
The name of the cookie to use for sessions. This can be whatever you want.
|
||||||
See the `session docs`_.
|
See the `session docs`_.
|
||||||
|
|
||||||
|
SESSION_COOKIE_SECURE
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
**New in Django development version**
|
||||||
|
|
||||||
|
Default: ``False``
|
||||||
|
|
||||||
|
Whether to use a secure cookie for the session cookie. If this is set to
|
||||||
|
``True``, the cookie will be marked as "secure," which means browsers may
|
||||||
|
ensure that the cookie is only sent under an HTTPS connection.
|
||||||
|
See the `session docs`_.
|
||||||
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
SESSION_EXPIRE_AT_BROWSER_CLOSE
|
||||||
-------------------------------
|
-------------------------------
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue