Use Secure Session Cookies

A snippet showing how to configure secure session cookies.


# settings.py

SESSION_COOKIE_SECURE = True      # only sent over HTTPS
SESSION_COOKIE_HTTPONLY = True    # inaccessible to JavaScript
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
      
Explanation:
  • Cookies are safer against XSS and man-in-the-middle attacks.
  • Category Security
  • Total Views 985
  • Last Modified 26 March, 2026
  • Tags #security #cookies #sessions #https
Never miss a story on Django.wiki

Subscribe for fresh tutorials, snippets, and updates.

By subscribing you agree to our Privacy Policy.