9

I read Set "secure" attribute for Flask cookies, but it's for setting secure cookies, but I'm trying to set HTTPONLY cookies. They both are kind-of-secure cookies, but differ in specs (read more).

The cookie needs to be protected because it is about users' logging in information.

jkdev
  • 9,037
  • 14
  • 52
  • 75
이기름
  • 107
  • 1
  • 7

2 Answers2

11

Check set_cookie() (docs) under Flask APIs. It provides options for setting a HTTPONLY cookie using its httponly option. For example, the following code will set a HTTPONLY cookie:

set_cookie("name", value = "value", httponly = True)

IamAshKS
  • 526
  • 3
  • 11
2

Flask provides a configuration value SESSION_COOKIE_HTTPONLY which controls whether cookies are set to be http only. By default, however, it is set to True, so unless it's explicitly set to False, cookies will be http only.

Razzi Abuissa
  • 1,996
  • 2
  • 20
  • 21