Commit e4868581 authored by Vladimir Mencl, committed by Zenon Mousmoulas

Use secure session cookies

Django would by default use insecure cookies - that would be sent by the
browser also over plain http.  And administrative work requiring authenticated
sessions should be done over https - and therefore, the cookie should be marked
as secure.

This can be achieved by setting:

    settings.SESSION_COOKIE_SECURE = True

As this is an essential security setting that shouldn't need additional tweaks,
adding the setting to settings.py (and not local_settings.py).
parent 2c10a316
......@@ -213,6 +213,8 @@ EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml'
# Check for headers indicating the request was received on a secure SSL connection
SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on')
# Request session cookies to be marked as secure
SESSION_COOKIE_SECURE = True
TINYMCE_JS_URL = '/static/js/tinymce/tiny_mce.js'
......
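Review bot: Next to the new `SESSION_COOKIE_SECURE = True` line, only the session cookie gets the Secure flag; unless `CSRF_COOKIE_SECURE = True` is already set elsewhere in settings.py, the CSRF cookie will still be sent over plain http, so consider adding it in the same place. Separately, the context line `SECURE_PROXY_SSL_HEADER = ('X-Forwarded-SSL', 'on')` uses the raw header name, while Django looks the name up in `request.META`, where it would appear as `HTTP_X_FORWARDED_SSL`; as written, `request.is_secure()` will not see the proxy header. Since the setting is now unconditional in settings.py, a short comment noting that logins will not persist on plain-http development instances would also help.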