From 3b5782ea83aa8062754a9d983b15f87317ba6c1b Mon Sep 17 00:00:00 2001
From: Brian Sutherland <brian@vanguardistas.net>
Date: Fri, 17 Dec 2010 09:21:03 +0100
Subject: [PATCH] When the auth_tkt plugin is passed secure=True, add HttpOnly to the cookie.
---
 repoze/who/plugins/auth_tkt.py | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/repoze/who/plugins/auth_tkt.py b/repoze/who/plugins/auth_tkt.py
index ec83eb8..9d44e38 100644
--- a/repoze/who/plugins/auth_tkt.py
+++ b/repoze/who/plugins/auth_tkt.py
@@ -172,7 +172,7 @@
 secure = ''
 if self.secure:
- secure = '; secure'
+ secure = '; secure; HttpOnly'
 cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
 wild_domain = '.' + cur_domain
--
Gitblit v1.9.3
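Review bot: HttpOnly is only emitted inside the `if self.secure:` branch, so a deployment that runs with `secure` off still issues an auth_tkt cookie that page script can read through `document.cookie`. The two attributes cover different risks (Secure keeps the cookie off cleartext transport, HttpOnly keeps it out of reach of injected script), so HttpOnly should not depend on the transport setting. I would drive it from its own option, which would be a new constructor argument since none is visible in this hunk, e.g. `if self.httponly: secure += '; HttpOnly'`, and default it to on. The change also alters behaviour for existing `secure=True` users whose client-side code reads the ticket cookie, which deserves a line in the plugin's docstring and changelog. The enclosing method starts and ends outside the hunk, so how `secure` is appended to the Set-Cookie values is not visible here.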