|
Jim Gallacher
jpg at jgassociates.ca
Tue May 30 09:49:19 EDT 2006
marinus van aswegen wrote: > Hi Jim > > It's a good security practise not to permit the client to send a > sessionid to a non secured (non https) sites, even if it's encrypted. > I just wanted to do this with mod_python. I understand the logic of it, but I got the impression that you may have thought this was already supported in the Cookie class, which it is not. We've added a new req.is_https() method in the development branch and backported to the 3.2.x branch. This will be included in the 3.2.9 release which we are hoping to get out in the next couple of weeks. Jim
|