Mark Cookies as Secure and HttpOnly
A snippet showing how to secure cookies with flags.
# settings.py
SESSION_COOKIE_SECURE = True # only via HTTPS
SESSION_COOKIE_HTTPONLY = True # prevent JS access
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
Explanation:
-
Use
SESSION_COOKIE_SECURE = Trueto make the session cookie secure. - Cookies are secure and protected from XSS and MITM attacks.
- Category Sessions & Cookies
- Total Views 709
- Last Modified 08 July, 2026
- Tags #cookies #secure #httponly #settings
Previous snippet