_js_cookies => not httponly_cookies

2015-08-18 12:25:13 -04:00
parent 2675e9d229
commit cf20ce5fae
1 changed files with 1 additions and 1 deletions
--- a/gluon/globals.py
+++ b/gluon/globals.py
@@ -1029,7 +1029,7 @@ class Session(Storage):
        if self._forget:
            del rcookies[response.session_id_name]
            return
-        if not self._js_cookies:
+        if self.get('httponly_cookies',True):
            scookies['HttpOnly'] = True
        if self._secure:
            scookies['secure'] = True