Fixed #18045 -- Corrected the documented default value of…

Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37

Fixed #18045 -- Corrected the documented default value of…
Fixed #18045 -- Corrected the documented default value of SESSION_COOKIE_HTTPONLY setting. Missing bit of r17135. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17862 bcc190cf-cafb-0310-a4f2-bffc1f526a37
cb2fafe5 · Claude Paroz · b41ebcf1 · cb2fafe5
Kaydet (Commit) cb2fafe5 authored Nis 01, 2012 tarafından Claude Paroz
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

settings.txt docs/ref/settings.txt +4 -1

No files found.
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -1711,7 +1711,7 @@ domain cookie. See the :doc:`/topics/http/sessions`.
 SESSION_COOKIE_HTTPONLY
 -----------------------

-Default: ``False``
+Default: ``True``

 Whether to use HTTPOnly flag on the session cookie. If this is set to
 ``True``, client-side JavaScript will not to be able to access the
@@ -1725,6 +1725,9 @@ protected cookie data.

 .. _HTTPOnly: http://www.owasp.org/index.php/HTTPOnly

+.. versionchanged:: 1.4
+    The default value of the setting was changed from ``False`` to ``True``.
+
 .. setting:: SESSION_COOKIE_NAME

 SESSION_COOKIE_NAME