I recently opened #16847, which proposes to set the HttpOnly property to True on session cookies by default in 1.4. I'm pretty sure this is the right approach, but I'd like a bit more feedback from the dev list here before I go ahead and do it. Are people running applications that would be broken by this change?
-Paul https://code.djangoproject.com/ticket/16847 -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.