This is my current sessionId cookie attributes:
Set-Cookie: sessionid=3jdpjxgepk49vrnhbabdvju3r80ci581; expires=Mon, 06-Aug-2018 12:40:14 GMT; HttpOnly; Max-Age=1209600; Path=/
I want sessionId to be secure with the secure attribute:
Set-Cookie: sessionid=3jdpjxgepk49vrnhbabdvju3r80ci581; expires=Mon, 06-Aug-2018 12:40:14 GMT; HttpOnly,secure; Max-Age=1209600; Path=/
I have tried adding the following attribute in settings.py:
SESSION_COOKIE_SECURE = True
However, I am still not getting the secure attribute in sessionId.
Any alternative solution for this?
The cookie allows the server to identify the user and retrieve the user session from the session database, so that the user session is maintained. A cookie-based session ends when the user logs off or closes the browser. Cookie-based session management is secure and has performance benefits over alternatives.
Django provides built-in methods to set and fetch cookies. The set_cookie() method on the response is used to set a cookie, and the get() method of request.COOKIES is used to read it. request.COOKIES['key'] can also be used to get cookie values.
Django provides a session framework that lets you store and retrieve data on a per-site-visitor basis. Django abstracts the process of sending and receiving cookies, by placing a session ID cookie on the client side, and storing all the related data on the server side.
Verify that your settings file is properly configured.
Set SESSION_COOKIE_SECURE = True in the settings file.
You can test the changes by running your Django application in the interactive Shell to check if the variable got changed:
from django.conf import settings
settings.SESSION_COOKIE_SECURE # it should be printing "True"
Important: If you are running the application over HTTP instead of HTTPS (which is usually the case on our local machines), even with that variable set to true, the session cookie will not get encrypted. It just works over HTTPS connections.
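To confirm what the server actually sends rather than only what the setting says, the following added example (not part of the original question or answer) parses raw Set-Cookie header values and reports a session cookie that lacks Secure or HttpOnly. The names audit_set_cookie and check_response_headers, and the second sample header, are constructed for illustration and are not Django APIs.

```python
"""Audit raw Set-Cookie header values for the Secure and HttpOnly flags.

Added example; function names and SAMPLE_WITH_SECURE are illustrative.
"""

# Header value as shown in the question (no Secure attribute).
HEADER_FROM_QUESTION = (
    "sessionid=3jdpjxgepk49vrnhbabdvju3r80ci581; "
    "expires=Mon, 06-Aug-2018 12:40:14 GMT; HttpOnly; "
    "Max-Age=1209600; Path=/"
)

# Constructed sample: the same cookie with the Secure attribute present.
SAMPLE_WITH_SECURE = HEADER_FROM_QUESTION + "; Secure"


def audit_set_cookie(header_value):
    """Return the cookie name, its attributes and any missing flags."""
    # Attributes are separated by semicolons; the first part is name=value.
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (Secure, secure, SECURE).
        attrs[key.strip().lower()] = val.strip()
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    return {"name": name.strip(), "attributes": attrs, "missing": missing}


def check_response_headers(header_values, cookie_name="sessionid"):
    """Return findings for the named cookie among several Set-Cookie values."""
    findings = []
    for value in header_values:
        result = audit_set_cookie(value)
        if result["name"] == cookie_name and result["missing"]:
            findings.append(
                "%s is missing: %s" % (cookie_name, ", ".join(result["missing"]))
            )
    return findings


if __name__ == "__main__":
    for header in (HEADER_FROM_QUESTION, SAMPLE_WITH_SECURE):
        print(check_response_headers([header]) or "sessionid: flags present")
```
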