Fixed #4724 -- Added support for configurable session cookie paths. Helps with

multiple Django installs under the same hostname. Thanks, frej and Graham Dumpleton. git-svn-id: http://code.djangoproject.com/svn/django/trunk@6545 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-26 07:06:08 +00:00 · 2007-10-20 05:13:56 +00:00
parent 1a1a39738a
commit e172e7be57
3 changed files with 24 additions and 11 deletions
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -275,6 +275,7 @@ SESSION_COOKIE_NAME = 'sessionid'                       # Cookie name. This can
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2               # Age of cookie, in seconds (default: 2 weeks).
 SESSION_COOKIE_DOMAIN = None                            # A string like ".lawrence.com", or None for standard domain cookie.
 SESSION_COOKIE_SECURE = False                           # Whether the session cookie should be secure (https:// only).
+SESSION_COOKIE_PATH = '/'                               # The path of the session cookie.
 SESSION_SAVE_EVERY_REQUEST = False                      # Whether to save the session data on every request.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = False                 # Whether sessions expire when a user closes his browser.
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # The module to store session data
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -39,8 +39,10 @@ class SessionMiddleware(object):

                # Save the seesion data and refresh the client cookie.
                request.session.save()
-                response.set_cookie(settings.SESSION_COOKIE_NAME, request.session.session_key,
-                    max_age=max_age, expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
-                    secure=settings.SESSION_COOKIE_SECURE or None)
+                response.set_cookie(settings.SESSION_COOKIE_NAME,
+                        request.session.session_key, max_age=max_age,
+                        expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
+                        path=settings.SESSION_COOKIE_PATH,
+                        secure=settings.SESSION_COOKIE_SECURE or None)

        return response
--- a/docs/settings.txt
+++ b/docs/settings.txt
@@ -784,6 +784,16 @@ Default: ``'sessionid'``
 The name of the cookie to use for sessions. This can be whatever you want.
 See the `session docs`_.

+SESSION_COOKIE_PATH
+-------------------
+
+Default: ``'/'``
+
+The path set on the session cookie. Should match the URL path of your Django
+installation (or be parent of that path). This is useful if you have multiple
+Django instances running under the same hostname; they can use different
+cookie paths and each instance will only see its own session cookie.
+
 SESSION_COOKIE_SECURE
 ---------------------