Fixing cookie handling for edx-mktg-loggedin

2b309adf · John Jarvis · 78079d1c · 2b309adf
Commit 2b309adf authored Mar 28, 2013 by John Jarvis
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

common/djangoapps/student/views.py
+9 -4

No files found.
--- a/common/djangoapps/student/views.py
+++ b/common/djangoapps/student/views.py
@@ -419,6 +419,9 @@ def login_user(request, error=""):
        response = HttpResponse(json.dumps({'success': True}))
        # set the login cookie for the edx marketing site
+        # we want this cookie to be accessed via javascript
+        # so httponly is set to None
        if request.session.get_expire_at_browser_close():
            max_age = None
            expires = None
@@ -427,12 +430,13 @@ def login_user(request, error=""):
            expires_time = time.time() + max_age
            expires = cookie_date(expires_time)
        response.set_cookie(settings.EDXMKTG_COOKIE_NAME,
                            'true', max_age=max_age,
                            expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
-                            path=settings.SESSION_COOKIE_PATH,
+                            path='/',
-                            secure=settings.SESSION_COOKIE_SECURE or None,
+                            secure=None,
-                            httponly=settings.SESSION_COOKIE_HTTPONLY or None)
+                            httponly=None)
        return response
@@ -457,7 +461,8 @@ def logout_user(request):
    logout(request)
    response = redirect('/')
    response.delete_cookie(settings.EDXMKTG_COOKIE_NAME,
-                           settings.SESSION_COOKIE_DOMAIN)
+                           path='/',
+                           domain=settings.SESSION_COOKIE_DOMAIN)
    return response