Changeset d6f7d1a

Timestamp:

Dec 3, 2011, 3:05:03 AM (14 years ago)

Author:

Alex Dehnert <adehnert@…>

Branches:

master, space-access, stable, stage, test-hooks

Children:

281891e

Parents:

48f6e0c

git-author:

Alex Dehnert <adehnert@…> (12/03/11 03:05:03)

git-committer:

Alex Dehnert <adehnert@…> (12/03/11 03:05:03)

Message:

Make our session cookies more secure

The database should only be accessed using https, and doesn't include any
significant JavaScript?. Thus, set the cookie to be Secure and HTTPOnly.

File:

• asadb/settings.py (modified) (1 diff)

asadb/settings.py

@@ -24 +24 @@
 
 ENABLE_SCRIPTS_AUTH = True
+
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
 
 LOGFILE = "asa-db.log"