Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Appearance settings

Secure Setting for Django SESSION_COOKIE_SECURE flag#18

Open
pixeebot[bot] wants to merge 1 commit into
mainPixee-Bot-Python/Zipstack_unstract:mainfrom
pixeebot/drip-2025-08-10-pixee-python/django-session-cookie-secure-offPixee-Bot-Python/Zipstack_unstract:pixeebot/drip-2025-08-10-pixee-python/django-session-cookie-secure-offCopy head branch name to clipboard
Open

Secure Setting for Django SESSION_COOKIE_SECURE flag#18
pixeebot[bot] wants to merge 1 commit into
mainPixee-Bot-Python/Zipstack_unstract:mainfrom
pixeebot/drip-2025-08-10-pixee-python/django-session-cookie-secure-offPixee-Bot-Python/Zipstack_unstract:pixeebot/drip-2025-08-10-pixee-python/django-session-cookie-secure-offCopy head branch name to clipboard

Conversation

@pixeebot

@pixeebot pixeebot Bot commented Aug 10, 2025

Copy link
Copy Markdown

This codemod will set Django's SESSION_COOKIE_SECURE flag to True if it's False or missing on the settings.py file within Django's default directory structure.

+ SESSION_COOKIE_SECURE = True

Setting this flag on ensures that the session cookies are only sent under an HTTPS connection. Leaving this flag off may enable an attacker to use a sniffer to capture the unencrypted session cookie and hijack the user's session.

More reading

🧚🤖 Powered by Pixeebot

Feedback | Community | Docs | Codemod ID: pixee:python/django-session-cookie-secure-off

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants

Morty Proxy This is a proxified and sanitized view of the page, visit original site.