How do I set HttpOnly cookie in Django?
30-09-2019
Question
And is it worth the effort to prevent XSS?
Solution
SESSION_COOKIE_PATH = '/;HttpOnly'
A discussion can be found here: http://groups.google.com/group/django-users/browse_thread/thread/bd7f562d5b938054/a229073ae836f4d2?lnk=raot&pli=1
OTHER TIPS
Use
SESSION_COOKIE_HTTPONLY = True
in settings.py
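Added example (not part of the original answers): a small Python check that the session cookie in a response's Set-Cookie header actually carries HttpOnly, which is how either setting above can be verified after deployment. The header strings are constructed samples of what each configuration is meant to emit, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# All header strings below are constructed samples, not captured traffic.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as HttpOnly
        # carry no value, so they map to an empty string.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_httponly(headers, cookie_names=("sessionid",)):
    """Return the names of the listed cookies that are sent without HttpOnly."""
    missing = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name in cookie_names and "httponly" not in attrs:
            missing.append(name)
    return missing


# "sessionid" is Django's default session cookie name.
# No HttpOnly at all (constructed):
NO_FLAG = "sessionid=abc123; Max-Age=1209600; Path=/"
# What the SESSION_COOKIE_PATH = '/;HttpOnly' workaround aims to emit (constructed):
PATH_WORKAROUND = "sessionid=abc123; Max-Age=1209600; Path=/;HttpOnly"
# What SESSION_COOKIE_HTTPONLY = True aims to emit (constructed):
SETTING_ENABLED = "sessionid=abc123; HttpOnly; Max-Age=1209600; Path=/"

if __name__ == "__main__":
    for label, header in [("no flag", NO_FLAG),
                          ("path workaround", PATH_WORKAROUND),
                          ("setting enabled", SETTING_ENABLED)]:
        result = missing_httponly([header])
        print(f"{label}: {'MISSING HttpOnly' if result else 'ok'}")
```

In practice the header values would come from a real response of the deployed site rather than from these samples.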
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow