Cookies

Cookies¶

Session cookies should be set to HTTPONLY:

SESSION_COOKIE_HTTPONLY = True

Never configure CSRF or session cookies to have a wild card domain with a leading dot. Horizon’s session and CSRF cookie should be secured when deployed with HTTPS:

CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True

this page last updated: 2024-09-25 14:02:52

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.