How to set an HTTPONLY cookie in Flask

About

Asked 24/11, 2019 at 4:12 Answered 8/5, 2020 at 0:5

Solved python flask cookies cookie-httponly

I read Set "secure" attribute for Flask cookies, but it's for setting secure cookies, but I'm trying to set HTTPONLY cookies. They both are kind-of-secure cookies, but differ in specs (read more).

The cookie needs to be protected because it is about users' logging in information.

Desalinate answered 24/11, 2019 at 4:12 Comment(0)

Check set_cookie() (docs) under Flask APIs. It provides options for setting a HTTPONLY cookie using its httponly option. For example, the following code will set a HTTPONLY cookie:

set_cookie("name", value = "value", httponly = True)

Rendon answered 24/11, 2019 at 4:20 Comment(0)

Flask provides a configuration value SESSION_COOKIE_HTTPONLY which controls whether cookies are set to be http only. By default, however, it is set to True, so unless it's explicitly set to False, cookies will be http only.

Rainer answered 8/5, 2020 at 0:5 Comment(3)

Can you kindly tell me where can I found documentation about all of the flask env variables? It was quite frustrating for me not to find a good docs or find only explanation of a basic vars. Thanks – Luau 18/2, 2022 at 17:27

@Luau on the same page as the link, all the environment variables are under the heading Builtin Configuration Values (flask.palletsprojects.com/en/1.1.x/config/…) – Rainer 18/2, 2022 at 23:37

Thank you. I also found this link for 2.0.x version of flask. – Luau 20/2, 2022 at 15:31

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags