Commit cb2fafe5 authored by Claude Paroz's avatar Claude Paroz
Browse files

Fixed #18045 -- Corrected the documented default value of... 

Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent b41ebcf1

docs/ref/settings.txt

+4 −1
Original line number Diff line number Diff line
@@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`. 
SESSION_COOKIE_HTTPONLY

-----------------------



Default: ``False``

Default: ``True``



Whether to use HTTPOnly flag on the session cookie. If this is set to

``True``, client-side JavaScript will not to be able to access the
@@ -1725,6 +1725,9 @@ protected cookie data. 


.. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly



.. versionchanged:: 1.4

    The default value of the setting was changed from ``False`` to ``True``.



.. setting:: SESSION_COOKIE_NAME



SESSION_COOKIE_NAME