Make the session cookie only available over HTTPS

jodal · Dec 29, 2024 · 01d2043 · 01d2043
1 parent 664306c
commit 01d2043
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/comics/settings.py b/src/comics/settings.py
@@ -81,6 +81,9 @@
 #
 # Time the user session cookies will be valid. Default: 1 year
 SESSION_COOKIE_AGE = 60 * 60 * 24 * 365
+#
+# Do not allow the session cookie to be sent over HTTP if the site is served over HTTPS.
+SESSION_COOKIE_SECURE = CSRF_COOKIE_SECURE
 
 
 # Application definition