Use secure session cookies
Django would by default use insecure cookies - that would be sent by the browser also over plain http. And administrative work requiring authenticated sessions should be done over https - and therefore, the cookie should be marked as secure. This can be achieved by setting:

settings.SESSION_COOKIE_SECURE = True

As this is an essential security setting that shouldn't need additional tweaks, the setting is added to settings.py (and not local_settings.py).
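The effect of the setting is visible in the Set-Cookie header the server emits: with the Secure attribute present, the browser only returns the session cookie over https. The following is an added example, not code from the commit or from Django itself: it builds a session cookie header the way a framework would from a boolean setting, then audits response headers for the missing attribute. The function and cookie names are assumptions; the sample headers are constructed.

```python
"""Audit Set-Cookie headers for the Secure attribute.

Added example (not part of the commit). build_session_cookie() stands in
for what a framework emits from a SESSION_COOKIE_SECURE-style setting;
audit_session_cookie() is the check an operator can run over real
response headers captured from a deployment.
"""
from http.cookies import SimpleCookie


def build_session_cookie(session_key, secure, cookie_name="sessionid", path="/"):
    """Return a Set-Cookie header value; 'secure' mirrors the boolean setting."""
    jar = SimpleCookie()
    jar[cookie_name] = session_key
    jar[cookie_name]["path"] = path
    jar[cookie_name]["httponly"] = True
    if secure:
        jar[cookie_name]["secure"] = True  # browser sends it over https only
    return jar[cookie_name].OutputString()


def parse_set_cookie(header_value):
    """Parse one Set-Cookie header value into (name, {attribute: value})."""
    jar = SimpleCookie()
    jar.load(header_value)
    if not jar:
        return None, {}
    name, morsel = next(iter(jar.items()))
    # Morsel keeps every reserved attribute; drop the ones left at "".
    return name, {k: v for k, v in morsel.items() if v}


def audit_session_cookie(set_cookie_headers, cookie_name="sessionid",
                         required=("secure",)):
    """Return the list of required attributes missing from the session cookie.

    Returns None when no Set-Cookie header for cookie_name is present, so a
    caller can tell "cookie hardened" ([]) apart from "cookie not seen".
    """
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name == cookie_name:
            return [attr for attr in required if not attrs.get(attr)]
    return None


if __name__ == "__main__":
    # Constructed headers for the two values of the setting.
    insecure = [build_session_cookie("c0nstructedkey", secure=False)]
    hardened = [build_session_cookie("c0nstructedkey", secure=True)]
    print("SESSION_COOKIE_SECURE = False ->", insecure[0])
    print("  missing:", audit_session_cookie(insecure))
    print("SESSION_COOKIE_SECURE = True  ->", hardened[0])
    print("  missing:", audit_session_cookie(hardened))
```

Pass `required=("secure", "httponly")` to also flag cookies readable from script; the commit itself only concerns the Secure attribute, so that is the default checked here.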