Hi,

On Mon, Jan 25, 2010 at 8:00 PM, cootetom <coote...@gmail.com> wrote:

> The tip here is to add the following to your settings.py file
>
> SESSION_COOKIE_PATH = '/;HttpOnly'
>
>
Useful information - however be warned this isn't a panacea. See
http://www.owasp.org/index.php/HTTPOnly#Browsers_Supporting_HTTPOnly for
which browsers and which attacks this prevents.

Even so, it adds another layer of security and that's a good thing.

Cheers,

Malcolm
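
Added example, not part of the original thread: why the quoted SESSION_COOKIE_PATH tip works, and a check for Set-Cookie values that lack the flag. The cookie value "abc123" and all function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie


def build_set_cookie(path, httponly=False):
    """Return the Set-Cookie value for a constructed session cookie."""
    jar = SimpleCookie()
    jar["sessionid"] = "abc123"          # constructed sample value
    jar["sessionid"]["path"] = path      # written out verbatim, not validated
    if httponly:
        # The explicit attribute; Django 1.3 and later expose this
        # as the SESSION_COOKIE_HTTPONLY setting.
        jar["sessionid"]["httponly"] = True
    return jar["sessionid"].OutputString()


def parse_attributes(set_cookie):
    """Split a Set-Cookie value on ';' into {attribute: value}."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:   # element 0 is name=value
        name, _, value = part.strip().partition("=")
        if name:
            attrs[name.strip().lower()] = value.strip()
    return attrs


def has_httponly(set_cookie):
    """True if the client would see an HttpOnly attribute."""
    return "httponly" in parse_attributes(set_cookie)


def cookies_missing_httponly(set_cookie_values):
    """Names of cookies whose Set-Cookie value lacks HttpOnly."""
    return [v.split("=", 1)[0].strip()
            for v in set_cookie_values if not has_httponly(v)]


if __name__ == "__main__":
    samples = {
        "plain path": build_set_cookie("/"),
        "path tip from the thread": build_set_cookie("/;HttpOnly"),
        "explicit attribute": build_set_cookie("/", httponly=True),
    }
    for label, value in samples.items():
        print(f"{label:26} {value!r:45} HttpOnly={has_httponly(value)}")
```

The tip works only because the path string is copied into the header unchanged, so the text after the semicolon is read by the client as a separate attribute.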
