#22185: CSRF cookie should be configurable ------------------------------+-------------------- Reporter: rogerhu | Owner: nobody Type: New feature | Status: new Component: contrib.csrf | Version: master Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 1 Easy pickings: 0 | UI/UX: 0 ------------------------------+-------------------- Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache (i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POST's. To avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.
Changes (including test and documentation) are included here: https://github.com/django/django/pull/2387/files -- Ticket URL: <https://code.djangoproject.com/ticket/22185> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/050.4db2d2c62f1b35b243b9dac591103d6e%40djangoproject.com. For more options, visit https://groups.google.com/groups/opt_out.