librelist archives

« back to archive

Session Cookies and HttpOnly

Session Cookies and HttpOnly

From:
Tobias Oberstein
Date:
2012-07-24 @ 14:04
Flask session cookies seem to be "HttpOnly" (cannot be accessed from JS).

Can I turn that off?

If not, what is the recommended way?

http://flask.pocoo.org/snippets/51/

?

Thanks!
Tobias

Re: [flask] Session Cookies and HttpOnly

From:
Simon Sapin
Date:
2012-07-24 @ 14:14
Le 24/07/2012 16:04, Tobias Oberstein a écrit :
> Flask session cookies seem to be "HttpOnly" (cannot be accessed from JS).
>
> Can I turn that off?
>
> If not, what is the recommended way?

Hi,

Try this:

app.config['SESSION_COOKIE_HTTPONLY'] = False

http://flask.pocoo.org/docs/config/


> http://flask.pocoo.org/snippets/51/

This link is not directly related to the previous question. itsdangerous 
is nice, but depending on what you do the default sessions are probably 
good enough.

Regards,
-- 
Simon Sapin

Re: [flask] Session Cookies and HttpOnly

From:
Tobias Oberstein
Date:
2012-07-24 @ 14:28
>> Flask session cookies seem to be "HttpOnly" (cannot be accessed from JS).
>>
>> Can I turn that off?
>>
>> If not, what is the recommended way?
>
> Hi,
>
> Try this:
>
> app.config['SESSION_COOKIE_HTTPONLY'] = False
>
> http://flask.pocoo.org/docs/config/

Thanks! That did the trick.