From 6716551565fb875d694634c6765e5d8e40a995df Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Fri, 11 Apr 2014 07:44:04 +0200
Subject: [PATCH] views: when deleting cookie conserve status of http_only flag
---
 authentic2_idp_ltpa/views.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/authentic2_idp_ltpa/views.py b/authentic2_idp_ltpa/views.py
index 57dc893..bd10885 100644
--- a/authentic2_idp_ltpa/views.py
+++ b/authentic2_idp_ltpa/views.py
@@ -36,5 +36,6 @@ def logout(request):
 next_url = urlparse.urljoin(settings.STATIC_URL, 'authentic2/images/ok.png')
 response = HttpResponseRedirect(next_url)
 domain = app_settings.COOKIE_DOMAIN or request.META['HTTP_HOST'].split(':')[0]
- response.delete_cookie(app_settings.COOKIE_NAME, domain=domain)
+ response.delete_cookie(app_settings.COOKIE_NAME, domain=domain,
+ httponly=app_settings.COOKIE_HTTP_ONLY)
 return response
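Review bot: The new `httponly=` keyword on `response.delete_cookie(...)` is not a parameter of stock Django's `HttpResponse.delete_cookie`, which takes only `key`, `path` and `domain` (plus `samesite` in later releases). Unless this project patches the response class, which the hunk does not show, the call would raise `TypeError` and logout would fail with the LTPA cookie still in the browser. If the goal is for the expiring `Set-Cookie` to carry the same HttpOnly attribute as the original, expire it explicitly instead: `response.set_cookie(app_settings.COOKIE_NAME, '', max_age=0, domain=domain, httponly=app_settings.COOKIE_HTTP_ONLY)`. The deletion must also use the same `path` as the code that sets the cookie, which is not visible here. The body of `logout` starts outside the hunk.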