Re: Regarding httponly cookies

2010-03-17 Thread Dennis Kaarsemaker
On wo, 2010-03-17 at 11:10 -0700, Yuchen Zhou wrote:
> So does this ticket mean django now supports httponly cookies? And is
> it by default httponly?
> Or the application administrator has to turn it on?

The discussion on http://code.djangoproject.com/ticket/3304 indicates that neither python no

Re: Regarding httponly cookies

2010-03-17 Thread Yuchen Zhou
Hi,

Thanks for your response! So does this ticket mean django now supports httponly cookies? And is it by default httponly? Or the application administrator has to turn it on?

Best,

On Mar 17, 11:49 am, Tom Evans wrote:
> On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou wrote:
> > Hi,
> >
> > I'm a

Re: Regarding httponly cookies

2010-03-17 Thread Tom Evans
On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou wrote:
> Hi,
>
> I'm a security researcher at the University of Virginia. I have been
> looking into the use and adoption of http-only cookies. My advisor is
> professor David Evans.
>
> We were surprised to discover that Django does not explicitly suppo

Regarding httponly cookies

2010-03-17 Thread Yuchen Zhou
Hi,

I'm a security researcher at the University of Virginia. I have been looking into the use and adoption of http-only cookies. My advisor is professor David Evans.

We were surprised to discover that Django does not explicitly support httponly cookie field. I have searched for some solution but