Add httponly to session cookie

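from django.conf import settings

class cookie_httponly:
    """Response middleware: mark the session cookie HttpOnly."""
    def process_response(self, request, response):
        # response.cookies is a SimpleCookie; use `in`, since dict.has_key() no longer exists in Python 3
        if settings.SESSION_COOKIE_NAME in response.cookies:
            response.cookies[settings.SESSION_COOKIE_NAME]['httponly'] = True
        return response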
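
A way to confirm the flag actually reaches the Set-Cookie header, as an added example that is not part of the original snippet. It applies the same operation to a plain `http.cookies.SimpleCookie` (the type Django uses for `response.cookies`) and then audits the rendered header values. The function names and cookie values are constructed for illustration, and `sessionid` is assumed as the cookie name (Django's default `SESSION_COOKIE_NAME`).

```python
from http.cookies import SimpleCookie

SESSION_COOKIE_NAME = "sessionid"  # assumption: Django's default session cookie name


def set_httponly(cookies, name=SESSION_COOKIE_NAME):
    """Same operation as the middleware, applied to a plain SimpleCookie."""
    if name in cookies:
        cookies[name]["httponly"] = True
    return cookies


def set_cookie_headers(cookies):
    """Render each cookie as the value of one Set-Cookie header."""
    return [morsel.OutputString() for morsel in cookies.values()]


def missing_httponly(header_values, name=SESSION_COOKIE_NAME):
    """Return the Set-Cookie values for `name` that lack the HttpOnly attribute."""
    flagged = []
    for value in header_values:
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive, so compare in lower case.
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if cookie_name == name and "httponly" not in attrs:
            flagged.append(value)
    return flagged


def demo():
    """Audit constructed cookies before and after the flag is applied."""
    cookies = SimpleCookie()
    cookies["sessionid"] = "constructed-session-value"  # constructed sample
    cookies["sessionid"]["path"] = "/"
    cookies["csrftoken"] = "constructed-csrf-value"     # not the session cookie
    before = set_cookie_headers(cookies)
    after = set_cookie_headers(set_httponly(cookies))
    return missing_httponly(before), missing_httponly(after)


if __name__ == "__main__":
    flagged_before, flagged_after = demo()
    print("missing HttpOnly before:", flagged_before)
    print("missing HttpOnly after: ", flagged_after)
```

The same `missing_httponly` check can be run over Set-Cookie values captured from a deployed site to confirm the session cookie is not readable from page scripts.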

Comments

arthur (on October 4, 2011):

Django 1.3 includes a SESSION_COOKIE_HTTPONLY setting.
