Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to make Django sessionId cookie as secure

Tags:

python

django

django-sessions

This is my current sessionId cookie attributes:

Set-Cookie: sessionid=3jdpjxgepk49vrnhbabdvju3r80ci581; expires=Mon, 06-Aug-2018 12:40:14 GMT; HttpOnly; Max-Age=1209600; Path=/

I want sessionId to be secure with the secure attribute:

Set-Cookie: sessionid=3jdpjxgepk49vrnhbabdvju3r80ci581; expires=Mon, 06-Aug-2018 12:40:14 GMT; HttpOnly,secure; Max-Age=1209600; Path=/

I have tried adding the following attribute in settings.py:

SESSION_COOKIE_SECURE = True

However, I am still not getting the secure attribute in sessionId. Any alternative solution for this?

like image 738
user3415910 Avatar asked Jul 23 '18 10:07

user3415910

People also ask

Are cookie based sessions secure?

The cookie allows the server to identify the user and retrieve the user session from the session database, so that the user session is maintained. A cookie-based session ends when the user logs off or closes the browser. Cookie-based session management is secure and has performance benefits over alternatives.

Which of the following functions are used to generate cookies via Django?

Django provides built-in methods to set and fetch cookie. The set_cookie() method is used to set a cookie and get() method is used to get the cookie. The request. COOKIES['key'] array can also be used to get cookie values.

What is session and cookies in Django?

Django provides a session framework that lets you store and retrieve data on a per-site-visitor basis. Django abstracts the process of sending and receiving cookies, by placing a session ID cookie on the client side, and storing all the related data on the server side.

1 Answers

  1. Verify if your settings file is properly configured

  2. Set the SESSION_COOKIE_SECURE = True in the settings file

  3. You can test the changes by running your Django application in the interactive Shell to check if the variable got changed:

from django.conf import settings
settings.SESSION_COOKIE_SECURE # it should be printing "True"

Important: If you are running the application over HTTP instead of HTTPS (which is usually the case on our local machines) even with that variable set to true the session cookie will not get encrypted. It just works over HTTPS connections.

like image 80
fabriciorissetto Avatar answered Sep 18 '22 16:09

fabriciorissetto
Sign in to Comment

Related questions

PyQt: is there an better way to set objectName in code?
How to speed up pandas string function?
Find number runs with customizable distance between numbers
Get printable name of any QKeyEvent key value
Plotly figure hide and display
Error "'str' object is not callable" when using property setter
How to {pivot|denormalize|manipulate} CSV table in Python
Sum attributes of duplicate coordinates in python
Altair: not sorting an axis
How to melt first level column in multiindex with pandas
pip install lxml fails on python 3.7 on windows
what is uninitialized data in pytorch.empty function
Pandas: seaborn countplot from several columns
Numpy remove duplicate column values
Curl and Python Requests (get) reporting different http status code
Python: Create structured numpy structured array from two columns in a DataFrame
command 'cc' failed with exit status 1 on OSX High Sierra
Can I pip install python3.6?
Django - ManyRelatedManager object is not iterable when returning Object
Resampling a signal with scipy.signal.resample

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!