Use Secure Session Cookies
A snippet showing how to configure secure session cookies.
# settings.py
SESSION_COOKIE_SECURE = True # only sent over HTTPS
SESSION_COOKIE_HTTPONLY = True # inaccessible to JavaScript
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
Explanation:
- Cookies are safer against XSS and man-in-the-middle attacks.
- Category Security
- Total Views 985
- Last Modified 26 March, 2026
- Tags #security #cookies #sessions #https
Previous snippet
Validate User Input Safely
Next snippet