WebAppSec/Secure Coding Details: Difference between revisions
(Created page with "=Author= Michael Coates - mcoates [at] mozilla.com =Introduction= =Status= =Layout= ==Session Management== ===Secure Flag=== ====Django==== Django provides built in support f...") |
|||
| Line 3: | Line 3: | ||
=Introduction= | =Introduction= | ||
This document provides code examples and links to support the [https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines secure coding guidelines] document. | |||
=Status= | =Status= | ||
Revision as of 22:12, 5 November 2010
Author
Michael Coates - mcoates [at] mozilla.com
Introduction
This document provides code examples and links to support the secure coding guidelines document.
Status
Layout
Session Management
Secure Flag
Django
Django provides built-in support for setting the Secure flag on the session ID cookie. By default, Django does NOT set the Secure flag on this cookie.
Correct Setting:
SESSION_COOKIE_SECURE = True
http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-secure
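One way to confirm the setting took effect is to inspect the Set-Cookie headers the application returns over HTTPS. The following is an added example, not part of the original page or of Django itself; it assumes the default session cookie name sessionid, the function name session_cookie_findings is hypothetical, and the header values are constructed.

```python
from http.cookies import SimpleCookie

# Assumption: Django's default SESSION_COOKIE_NAME; change if the project overrides it.
SESSION_COOKIE_NAME = "sessionid"


def session_cookie_findings(set_cookie_headers, name=SESSION_COOKIE_NAME):
    """Check raw Set-Cookie header values (one string per header) and
    return a list of problems found for the session cookie."""
    findings = []
    seen = False
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)           # parses name=value plus attributes and flags
        morsel = jar.get(name)
        if morsel is None:
            continue               # some other cookie, e.g. csrftoken
        seen = True
        # morsel["secure"] is True when the flag is present, "" when absent
        if not morsel["secure"]:
            findings.append(f"{name}: Secure flag missing")
    if not seen:
        findings.append(f"{name}: cookie not present in response")
    return findings


# Constructed sample headers (not captured from a real site).
WITHOUT_SETTING = [
    "csrftoken=constructed-token; Path=/",
    "sessionid=constructed0123456789; Path=/; HttpOnly",
]
WITH_SETTING = [
    "csrftoken=constructed-token; Path=/",
    "sessionid=constructed0123456789; Path=/; HttpOnly; Secure",
]

if __name__ == "__main__":
    print("default settings:      ", session_cookie_findings(WITHOUT_SETTING))
    print("SESSION_COOKIE_SECURE: ", session_cookie_findings(WITH_SETTING))
```
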