How do I set HttpOnly cookie in Django?

StackOverflow https://stackoverflow.com/questions/3529695

  •  30-09-2019
  •  | 
  •  

Question

and is it worth the effort to prevent xss?

Was it helpful?

Solution 

SESSION_COOKIE_PATH = '/;HttpOnly'

A discussion can be found here: http://groups.google.com/group/django-users/browse_thread/thread/bd7f562d5b938054/a229073ae836f4d2?lnk=raot&pli=1

OTHER TIPS

Use

SESSION_COOKIE_HTTPONLY = True

in settings.py

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top