Mark Cookies as Secure and HttpOnly

A snippet showing how to secure cookies with flags.


# settings.py

SESSION_COOKIE_SECURE = True      # only via HTTPS
SESSION_COOKIE_HTTPONLY = True    # prevent JS access
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
      
Explanation:
  • Use SESSION_COOKIE_SECURE = True to make the session cookie secure.
  • Cookies are secure and protected from XSS and MITM attacks.
  • Category Sessions & Cookies
  • Total Views 709
  • Last Modified 08 July, 2026
  • Tags #cookies #secure #httponly #settings
Never miss a story on Django.wiki

Subscribe for fresh tutorials, snippets, and updates.

By subscribing you agree to our Privacy Policy.