14

I read Set "secure" attribute for Flask cookies, but it's for setting secure cookies, but I'm trying to set HTTPONLY cookies. They both are kind-of-secure cookies, but differ in specs (read more).

The cookie needs to be protected because it is about users' login information.

jkdev
이기름

2 Answers

15

Check set_cookie() (docs) under Flask APIs. It provides options for setting an HTTPONLY cookie using its httponly option. For example, the following code will set an HTTPONLY cookie:

# response is a flask.Response object, e.g. the return value of make_response()
response.set_cookie("name", value="value", httponly=True)

IamAshKS
6

Flask provides a configuration value SESSION_COOKIE_HTTPONLY which controls whether cookies are set to be http only. By default, however, it is set to True, so unless it's explicitly set to False, cookies will be http only.

Razzi Abuissa
  • Can you kindly tell me where I can find documentation about all of the Flask env variables? It was quite frustrating for me not to find good docs, or to find only explanations of the basic vars. Thanks – Dmitry Feb 18 '22 at 17:27
  • @Dmitry on the same page as the link, all the environment variables are under the heading Builtin Configuration Values (https://flask.palletsprojects.com/en/1.1.x/config/#builtin-configuration-values) – Razzi Abuissa Feb 18 '22 at 23:37
  • Thank you. I also found this [link](https://flask.palletsprojects.com/en/2.0.x/config/#builtin-configuration-values) for 2.0.x version of flask. – Dmitry Feb 20 '22 at 15:31