[Fixed]-How do I set HttpOnly cookie in Django?

6👍

👤miku

33👍

Use

SESSION_COOKIE_HTTPONLY = True

in settings.py

👤greg

7👍

In Django 3.0 you can set the following cookies to True in your settings.py:

For instances, if

SESSION_COOKIE_HTTPONLY = True

Then your client-side JavaScript will not be able to access the session cookie.

Leave a comment