Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I set HttpOnly cookie in Django?

Tags:

xss

django

session-cookies

How do I set HttpOnly cookie in Django?

And is it worth the effort to prevent XSS?

like image 787
Aviah Laor Avatar asked Aug 20 '10 09:08

Aviah Laor

People also ask

How do I set HttpOnly cookies?

Set HttpOnly cookie in PHPini_set("session. cookie_httponly", True); This is the most common way to set cookies in PHP, empty variables will hold their default value.

How do I save JWT in HTTP only cookies?

HTTP Only JWT Cookie: In a SPA(Single Page Application) Authentication JWT token either can be stored in browser 'LocalStorage' or in 'Cookie'. Storing JWT token inside of the cookie then the cookie should be HTTP Only. The HTTP-Only cookie nature is that it will be only accessible by the server application.

When should HttpOnly cookies be set?

Use the HttpOnly attribute to prevent access to cookie values via JavaScript. Cookies that are used for sensitive information (such as indicating authentication) should have a short lifetime, with the SameSite attribute set to Strict or Lax . (See SameSite attribute, above.)

1 Answers

Use

SESSION_COOKIE_HTTPONLY = True

in settings.py

like image 133
greg Avatar answered Oct 08 '22 01:10

greg
Sign in to Comment

Related questions

Django templates: Convert float to integer if it ends with .0?
Can't install python mysql library on Mac Mavericks
Using Django's m2m_changed to modify what is being saved pre_add
Gunicorn will not bind to my application
Difficulty with Django and jQuery (why is $ undefined in the admin app?)
Django: how to hide/overwrite default label with ModelForm?
Python + Django on Android
How can I filter Emoji characters from my input so I can save in MySQL <5.5?
How to install django for python 3.3
Django create superuser from batch file
Annotating SUM aggregation function leading to 'None' value in Django
Django Rest Framework - Getting a model instance after serialization
Django: Highlight current page in navbar
Django CSRF cookie HttpOnly
How to override template in django-allauth?
Django: "Too many values to unpack" when calling user.objects.get()
How to Lazy Load a model in a managers to stop circular imports?
django rest framework create user with password
Django 1.8 & Django Crispy Forms: Is there a simple, easy way of implementing a Date Picker?
Rename response fields django rest framework serializer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!