From 14082a43f59145110be548a3a3f06f884382711a Mon Sep 17 00:00:00 2001
From: Ricky Rosario
Date: Fri, 29 Apr 2011 11:44:20 -0400
Subject: [PATCH] httponly cookies by default [bug 653492]
---
 settings.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/settings.py b/settings.py
index 2c5727246..b0a5975ff 100644
--- a/settings.py
+++ b/settings.py
@@ -232,6 +232,7 @@ INSTALLED_APPS = (
 'landings',
 'announcements',
 'messages',
+ 'commonware.response.cookies',
 # Extra apps for testing.
 'django_nose',
@@ -450,6 +451,7 @@ JAVA_BIN = '/usr/bin/java'
 #
 # Sessions
 SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
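Review bot: The new `'commonware.response.cookies'` entry in the first hunk (INSTALLED_APPS) sits among the feature apps with nothing to say it is listed for a side effect rather than for models or views. Going by the commit subject, it changes the default for every cookie the site sets. A comment on that line would make this visible, e.g. `# Side effect: cookies default to HttpOnly [bug 653492].` Any cookie that page script reads (a CSRF token picked up for AJAX requests is the usual case) would presumably need an explicit opt-out, which is worth confirming before this ships. The INSTALLED_APPS tuple begins and ends outside this hunk.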
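Review bot: `SESSION_COOKIE_HTTPONLY = True` in the second hunk (Sessions block) is, as far as I know, only honoured from Django 1.3 onwards, and older releases silently ignore unknown settings. On those the session cookie's flag would depend entirely on the commonware app added in the first hunk. The diffstat lists settings.py as the only file touched, so nothing asserts the outcome. A small test that makes a request which sets the session cookie and checks its `httponly` attribute in `response.cookies` would catch a regression if either mechanism is later removed. A comment such as `# Keep the session id out of reach of page script.` would also record why the flag is set.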