Hi, I propose to add a setting that makes cookies 'secure'.
The secure flag tells the browser to send this cookie only over https. The idea is that https makes sure that the cookie does not leak out to a domain that belongs to someone else, even when the DNS has been tampered. Since the authentication cookie logs you in, I consider this a must for any https website that needs security. I will make a patch if I get a 'go' from Adrian or Jacob. Michael --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
