How do I set HttpOnly cookie in Django?

django xss session-cookies
Aviah Laor picture Aviah Laor · Aug 20, 2010 · Viewed 9.2k times · Source

How do I set HttpOnly cookie in Django?

And is it worth the effort to prevent XSS?

Answer

greg picture greg · Jan 19, 2011

Use

SESSION_COOKIE_HTTPONLY = True

in settings.py

Related questions

Why and When to use Django mark_safe() function

After reading the document, the function of mark_safe() is still unclear. I guess it is related to CSRF stuff. But why and when shall the mark_safe() be used? Here is the documentation mark_safe(s) Explicitly mark a …

Read More
'pip' is not recognized as an internal or external command

I'm running into a weird error when trying to install Django on my computer. This is the sequence that I typed into my command line: C:\Python34> python get-pip.py Requirement already up-to-date: pip in c:\python34\lib\site-packages …

Read More
How can I upgrade specific packages using pip and a requirements file?

I'm using pip with a requirements file, in a virtualenv, for my Django projects. I'm trying to upgrade some packages, notably Django itself, and I'm getting an error about source code conflicts: Source in <virtualenv>/build/Django has …

Read More