Middleware to set "sessionid" (ou your session cookie) with httponly (see "Django bug report"). To work, you need put it before "SessionMiddleware"
1 2 3 4 5 6 7 | from django.conf import settings
class cookie_httponly:
def process_response(self, request, response):
if response.cookies.has_key(settings.SESSION_COOKIE_NAME):
response.cookies[settings.SESSION_COOKIE_NAME]['httponly'] = True
return response
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 11 months, 2 weeks ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 11 months, 3 weeks ago
- Serializer factory with Django Rest Framework by julio 1 year, 6 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 7 months ago
- Help text hyperlinks by sa2812 1 year, 8 months ago
Comments
Django 1.3 includes a SESSION_COOKIE_HTTPONLY setting.
#
Please login first before commenting.