From: Craig Campbell <craig@vimeo.com>
Date: Tue, 3 Feb 2015 21:05:01 +0000 (-0500)
Subject: Skip falsy values for SimpleCookie flags
X-Git-Tag: v4.2.0b1~131^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac0c59709ddad8dbe5dc4ef42617eeb332c7910c;p=thirdparty%2Ftornado.git

Skip falsy values for SimpleCookie flags

Fixes #1324
---

diff --git a/tornado/web.py b/tornado/web.py
index 52bfce366..f6cb99429 100644
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -524,6 +524,12 @@ class RequestHandler(object):
         for k, v in kwargs.items():
             if k == 'max_age':
                 k = 'max-age'
+
+            # skip falsy values for httponly and secure flags because
+            # SimpleCookie sets them regardless
+            if k in ['httponly', 'secure'] and not v:
+                continue
+
             morsel[k] = v
 
     def clear_cookie(self, name, path="/", domain=None):