#22185: CSRF cookie should be configurable
------------------------------+--------------------
Reporter: rogerhu | Owner: nobody
Type: New feature | Status: new
Component: contrib.csrf | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
Internet Explorer has the ability to block/disable persistent cookies
(http://support.microsoft.com/kb/196955), and corruption of the index.dat
cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django
sites to authenticate correctly but fail to do FORM POST's. To
avoid this behavior, provide the option to configure the CSRF cookie age
so that cookies can be configured to be persistent or session-based.
Changes (including test and documentation) are included here:
https://github.com/django/django/pull/2387/files
--
Ticket URL: <https://code.djangoproject.com/ticket/22185>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/050.4db2d2c62f1b35b243b9dac591103d6e%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
