Login

Add httponly to session cookie

Author:
rodolfo.3
Posted:
April 12, 2010
Language:
Python
Version:
1.1
Score:
1 (after 1 ratings)

Middleware to set "sessionid" (ou your session cookie) with httponly (see "Django bug report"). To work, you need put it before "SessionMiddleware"

1
2
3
4
5
6
7
from django.conf import settings

class cookie_httponly:
    def process_response(self, request, response):
        if response.cookies.has_key(settings.SESSION_COOKIE_NAME):
            response.cookies[settings.SESSION_COOKIE_NAME]['httponly'] = True
        return response

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 10 months, 2 weeks ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months, 3 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 5 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 6 months ago
  5. Help text hyperlinks by sa2812 1 year, 6 months ago

Comments

arthur (on October 4, 2011):

Django 1.3 includes a SESSION_COOKIE_HTTPONLY setting.

#

Please login first before commenting.