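```python
from django.conf import settings


class cookie_httponly:
    # Old-style middleware: mark the session cookie HttpOnly on every response.
    def process_response(self, request, response):
        # dict.has_key() no longer exists in Python 3; `in` works on 2 and 3.
        if settings.SESSION_COOKIE_NAME in response.cookies:
            response.cookies[settings.SESSION_COOKIE_NAME]['httponly'] = True
        return response
```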
Comments
+1.
You know it is a bit odd that Django has not adapted this the right way, that is by adding it to the Set-Cookie header in the first place.
If anyone else is interested in this, see also the article about the importance of this on Coding Horror, and ticket #3304 in the Django ticket system about the addition of HttpOnly.
#
Django 1.3 includes a SESSION_COOKIE_HTTPONLY setting.
#
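A check for the result, as an added example that is not part of the original snippet or its comments: it reads a response's Set-Cookie headers and reports whether each cookie carries the HttpOnly flag. The response head is constructed, and `sessionid` (Django's default `SESSION_COOKIE_NAME`) is assumed as the session cookie name.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed sample response head (not captured from a real server).
SAMPLE_RESPONSE_HEAD = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: csrftoken=constructed-token; Path=/\r\n"
    "set-cookie: sessionid=constructed-id; Path=/; httponly\r\n"
    "\r\n"
)


def set_cookie_values(response_head):
    """Yield the value of every Set-Cookie header (names are case-insensitive)."""
    for line in response_head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            yield value.strip()


def httponly_report(response_head):
    """Map each cookie name set by the response to True/False for HttpOnly."""
    report = {}
    for value in set_cookie_values(response_head):
        jar = SimpleCookie()
        try:
            jar.load(value)
        except CookieError:
            continue  # unparseable header: nothing to report for it
        for cookie_name, morsel in jar.items():
            # The flag attribute is True when present, "" when absent.
            report[cookie_name] = bool(morsel["httponly"])
    return report


def session_cookie_protected(response_head, session_cookie_name="sessionid"):
    """True only if the response sets the session cookie and marks it HttpOnly."""
    # session_cookie_name default is an assumption: Django's default name.
    return httponly_report(response_head).get(session_cookie_name, False)


if __name__ == "__main__":
    print(httponly_report(SAMPLE_RESPONSE_HEAD))
```
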