python GAE - auth and session cookies and HTTPonly attribute

A. Kong

Dec 23, 2015, 6:29:41 PM
to Google App Engine
Hi all, 

I am looking into how to set the httponly attribute on the auth and session cookies.

Here is my current configuration:

    # webapp2 config
    app_config = {
        'webapp2_extras.sessions': {
            'cookie_name': '__session__',
            'secret_key': login.secrets.SESSION_KEY,
            'cookie_args': {
                'max_age': 30 * 24 * 60 * 60
            }
        },
        'webapp2_extras.auth': {
            'cookie_name': '__auth__',
            # Use with 'remember' flag to make persistent cookies
            'token_max_age': 30 * 24 * 60 * 60,
            'user_attributes': []
        },
        'webapp2_extras.jinja2': {
            'template_path': JINJA_TEMPLATE_ROOT
        }
    }




Here is my observation so far:

1) I can introduce 'httponly' to __session__ via cookie_args. However, for some reason, my client-side HTML page keeps reloading itself after this change.

2) In the documentation, there is no mention of cookie attributes for the __auth__ cookie.


I am looking for any suggestions/pointers to help set 'httponly' on these two cookies.

Thanks
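
Added example, not part of the original post: the session block from the configuration above with `httponly` requested through `cookie_args`, plus a check that reads the `Set-Cookie` values the app returns and reports whether `__session__` and `__auth__` carry `HttpOnly`. The secret key is a placeholder, the sample headers are constructed, and the function names are hypothetical.

```python
# Session settings from the post, with HttpOnly requested via cookie_args.
SESSION_CONFIG = {
    'cookie_name': '__session__',
    'secret_key': 'PLACEHOLDER-load-from-your-secrets-module',  # placeholder
    'cookie_args': {
        'max_age': 30 * 24 * 60 * 60,
        'httponly': True,  # keeps the cookie out of document.cookie
    },
}

# Attributes each cookie named in the post must carry (lower-cased names).
REQUIRED = {'__session__': {'httponly'}, '__auth__': {'httponly'}}

# Constructed Set-Cookie values, shaped like a login response.
SAMPLE_HEADERS = [
    '__session__=eyJfIjoxfQ|1450913381|0a1b2c; Max-Age=2592000; Path=/; HttpOnly',
    '__auth__=eyJfIjoyfQ|1450913381|3d4e5f; Max-Age=2592000; Path=/',
    'prefs=dark; Path=/',
]


def parse_set_cookie(header_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(';')]
    name = parts[0].split('=', 1)[0].strip()
    # Attribute names are case-insensitive; flags such as HttpOnly have no '='.
    attrs = {p.split('=', 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_attributes(set_cookie_values, required=REQUIRED):
    """Map cookie name -> sorted required attributes absent from any
    Set-Cookie line for that cookie. Every occurrence is checked, so a
    second line that re-sets the cookie without the flag is reported."""
    missing = {}
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        gap = required.get(name, set()) - attrs
        if gap:
            missing.setdefault(name, set()).update(gap)
    return {name: sorted(gap) for name, gap in missing.items()}


if __name__ == '__main__':
    for cookie, gaps in missing_attributes(SAMPLE_HEADERS).items():
        print('%s is missing: %s' % (cookie, ', '.join(gaps)))
```

Feed it the `Set-Cookie` values captured from a real login response to confirm what each cookie is actually sent with after a configuration change.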



