angler-fishThe Vulnerability History Project

Fixed #16847. Session Cookies now default to httponly = True.

      git-svn-id: http://code.djangoproject.com/svn/django/trunk@17135 bcc190cf-cafb-0310-a4f2-bffc1f526a37
by Juanita the Human 2011-11-21 22:03:03 UTC
commit 4d975b4f882eb2a68da02e069aa1debb99073497
Django VCC Attack is in Session CVE-2015-5964
django/conf/global_settings.py
+1 -1
django/contrib/sessions/tests.py
+2 -23
docs/ref/request-response.txt
+2 -6
docs/releases/1.4.txt
+4 -7
docs/topics/http/sessions.txt
+3 -3
expand_less