diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index b3cbf095c3..6779dbd6a8 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -275,6 +275,7 @@ SESSION_COOKIE_NAME = 'sessionid' # Cookie name. This can
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Age of cookie, in seconds (default: 2 weeks).
 SESSION_COOKIE_DOMAIN = None # A string like ".lawrence.com", or None for standard domain cookie.
 SESSION_COOKIE_SECURE = False # Whether the session cookie should be secure (https:// only).
+SESSION_COOKIE_PATH = '/' # The path of the session cookie.
 SESSION_SAVE_EVERY_REQUEST = False # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether sessions expire when a user closes his browser.
 SESSION_ENGINE = 'django.contrib.sessions.backends.db' # The module to store session data
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index 4c3c5acc43..7b6c826805 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -31,7 +31,7 @@ class SessionMiddleware(object):
 else:
 max_age = settings.SESSION_COOKIE_AGE
 rfcdate = formatdate(time.time() + settings.SESSION_COOKIE_AGE)
-
+
 # Fixed length date must have '-' separation in the format
 # DD-MMM-YYYY for compliance with Netscape cookie standard
 expires = datetime.datetime.strftime(datetime.datetime.utcnow() + \
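Review bot: The comment on the added `SESSION_COOKIE_PATH = '/'` line in global_settings.py leaves out the one constraint a deployer has to get right: the value must be the URL prefix the site is served under, or a parent of it. With any other value the browser does not send the cookie back, so each request would start a fresh session. I would word the comment as `# Path set on the session cookie; must be the site's URL prefix or a parent of it.` The `'/'` default appears to match what set_cookie used when no path was passed, so existing deployments should see no change.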
@@ -39,8 +39,10 @@ class SessionMiddleware(object): # Save the seesion data and refresh the client cookie. request.session.save() - response.set_cookie(settings.SESSION_COOKIE_NAME, request.session.session_key, - max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, - secure=settings.SESSION_COOKIE_SECURE or None) - + response.set_cookie(settings.SESSION_COOKIE_NAME, + request.session.session_key, max_age=max_age, + expires=expires, domain=settings.SESSION_COOKIE_DOMAIN, + path=settings.SESSION_COOKIE_PATH, + secure=settings.SESSION_COOKIE_SECURE or None) + return response diff --git a/docs/settings.txt b/docs/settings.txt index 275301869e..3d7bd5a318 100644 --- a/docs/settings.txt +++ b/docs/settings.txt @@ -475,7 +475,7 @@ FIXTURE_DIRS Default: ``()`` (Empty tuple) List of locations of the fixture data files, in search order. Note that -these paths should use Unix-style forward slashes, even on Windows. See +these paths should use Unix-style forward slashes, even on Windows. See `Testing Django Applications`_. .. _Testing Django Applications: ../testing/ @@ -731,8 +731,8 @@ SERIALIZATION_MODULES Default: Not defined. -A dictionary of modules containing serializer definitions (provided as -strings), keyed by a string identifier for that serialization type. For +A dictionary of modules containing serializer definitions (provided as +strings), keyed by a string identifier for that serialization type. For example, to define a YAML serializer, use:: SERIALIZATION_MODULES = { 'yaml' : 'path.to.yaml_serializer' } @@ -754,10 +754,10 @@ Default: ``django.contrib.sessions.backends.db`` Controls where Django stores session data. Valid values are: - * ``'django.contrib.sessions.backends.db'`` - * ``'django.contrib.sessions.backends.file'`` + * ``'django.contrib.sessions.backends.db'`` + * ``'django.contrib.sessions.backends.file'`` * ``'django.contrib.sessions.backends.cache'`` - + See the `session docs`_ for more details. SESSION_COOKIE_AGE 
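Review bot: The new `path=settings.SESSION_COOKIE_PATH` argument to `response.set_cookie` only limits which requests the browser attaches the cookie to, and nothing near the call says that this is not a security boundary. Instances under one hostname share an origin and, by default, the same `SESSION_COOKIE_NAME`, and the call sets no HttpOnly flag, so content served from a sibling path may still be able to reach the cookie. I would add a comment above the call, `# Path limits which requests carry the cookie; it does not isolate sessions between apps on the same host.` Any code that clears this cookie (none is visible in this hunk) also has to pass the same path and domain, or the browser will keep it. The enclosing method starts above the hunk.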
@@ -784,6 +784,16 @@ Default: ``'sessionid'`` The name of the cookie to use for sessions. This can be whatever you want. See the `session docs`_. +SESSION_COOKIE_PATH +------------------- + +Default: ``'/'`` + +The path set on the session cookie. Should match the URL path of your Django +installation (or be parent of that path). This is useful if you have multiple +Django instances running under the same hostname; they can use different +cookie paths and each instance will only see its own session cookie. + SESSION_COOKIE_SECURE ---------------------