Author: claudep Date: 2012-04-01 10:13:55 -0700 (Sun, 01 Apr 2012) New Revision: 17862
Modified: django/trunk/docs/ref/settings.txt Log: Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135. Modified: django/trunk/docs/ref/settings.txt =================================================================== --- django/trunk/docs/ref/settings.txt 2012-03-31 22:24:24 UTC (rev 17861) +++ django/trunk/docs/ref/settings.txt 2012-04-01 17:13:55 UTC (rev 17862) @@ -1711,7 +1711,7 @@ SESSION_COOKIE_HTTPONLY ----------------------- -Default: ``False`` +Default: ``True`` Whether to use HTTPOnly flag on the session cookie. If this is set to ``True``, client-side JavaScript will not to be able to access the @@ -1725,6 +1725,9 @@ .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly +.. versionchanged:: 1.4 + The default value of the setting was changed from ``False`` to ``True``. + .. setting:: SESSION_COOKIE_NAME SESSION_COOKIE_NAME -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.