flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

add docs about secure cookies

Browse Source
This commit is contained in:
Thomas Waldmann 2013-11-03 10:19:05 +01:00
parent 7a99935597
commit 52c2916215
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/security.rst
View File

@ -102,6 +102,9 @@ The software ("as is") uses these cookies:
* "sessionid" (host-only, to keep the session when you have logged-in to the * "sessionid" (host-only, to keep the session when you have logged-in to the
web interface) web interface)
If you have set WE_HAVE_SSL to True (because you run the software on a https
site), you should also set *_COOKIE_SECURE to True to avoid the cookies getting
transmitted via http.
Be careful with domain cookies Be careful with domain cookies
------------------------------ ------------------------------

4
nsupdate/settings.py
View File

@ -224,13 +224,13 @@ CSRF_FAILURE_VIEW = 'nsupdate.main.views.CsrfFailureView'
# Settings for CSRF cookie. # Settings for CSRF cookie.
CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_PATH = '/' CSRF_COOKIE_PATH = '/'
CSRF_COOKIE_SECURE = False CSRF_COOKIE_SECURE = False # use True here if you have set WE_HAVE_SSL = True
CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_HTTPONLY = False
# Settings for session cookie. # Settings for session cookie.
SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_PATH = '/' SESSION_COOKIE_PATH = '/'
SESSION_COOKIE_SECURE = False SESSION_COOKIE_SECURE = False # use True here if you have set WE_HAVE_SSL = True
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 14 * 24 * 3600 # 2 weeks, in seconds SESSION_COOKIE_AGE = 14 * 24 * 3600 # 2 weeks, in seconds
SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_EXPIRE_AT_BROWSER_CLOSE = False