Author: claudep Date: 2012-04-01 10:17:21 -0700 (Sun, 01 Apr 2012) New Revision: 17863
Modified: django/branches/releases/1.4.X/docs/ref/settings.txt Log: [1.4.X] Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135. Backport of r17862 from trunk. Modified: django/branches/releases/1.4.X/docs/ref/settings.txt =================================================================== --- django/branches/releases/1.4.X/docs/ref/settings.txt 2012-04-01 17:13:55 UTC (rev 17862) +++ django/branches/releases/1.4.X/docs/ref/settings.txt 2012-04-01 17:17:21 UTC (rev 17863) @@ -1711,7 +1711,7 @@ SESSION_COOKIE_HTTPONLY ----------------------- -Default: ``False`` +Default: ``True`` Whether to use HTTPOnly flag on the session cookie. If this is set to ``True``, client-side JavaScript will not to be able to access the @@ -1725,6 +1725,9 @@ .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly +.. versionchanged:: 1.4 + The default value of the setting was changed from ``False`` to ``True``. + .. setting:: SESSION_COOKIE_NAME SESSION_COOKIE_NAME
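Review bot: In the first hunk (@@ -1711,7 +1711,7 @@), the context line right under the corrected default reads "client-side JavaScript will not to be able to access the", which has a stray "to". Since this paragraph is already being touched, fix it to "will not be able to access" in the same commit so the description of what the flag does reads cleanly next to the new "Default: ``True``" line.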
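Review bot: In the second hunk (@@ -1725,6 +1725,9 @@), the added versionchanged note sits after the ".. _HTTPOnly:" link target and says only that "the default value of the setting was changed", without saying what that means for an upgrading project. Consider placing it directly under the description paragraph and adding one sentence stating that, because client-side JavaScript can no longer access the session cookie by default, a project that relies on reading it from JavaScript has to set SESSION_COOKIE_HTTPONLY to False explicitly.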