flo/nsupdate.info
1
0
Fork 0
Code Issues 1 Pull Requests 2 Packages Releases Activity

document how cookies are used depending on the "keep me logged in" checkbox state

Browse Source
This commit is contained in:
Thomas Waldmann 2013-11-16 05:14:03 +01:00
parent 56341d0581
commit 89e18d9d65
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/security.rst
View File

@ -128,6 +128,11 @@ If you have set WE_HAVE_SSL to True (because you run the software on a https
site), you should also set *_COOKIE_SECURE to True to avoid the cookies getting site), you should also set *_COOKIE_SECURE to True to avoid the cookies getting
transmitted via http. transmitted via http.
For local account logins, we use a session cookie by default (gets cleared when
you close the browser). If you check the "Keep me logged in checkbox" on the
login screen, then we'll set a permanent cookie with a lifetime as configured
by the site admin (SESSION_COOKIE_AGE, default: 14 days).
Be careful with domain cookies Be careful with domain cookies
------------------------------ ------------------------------