
Set samesite and secure attributes of session cookie. Enable strong session protection.

Sibren Vasse 5 years ago
parent
commit
e7c3a127b8
2 changed files with 4 additions and 0 deletions
  1. 1 0
      app/extensions.py
  2. 3 0
      server.py

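--- a/app/extensions.py
+++ b/app/extensions.py
@@ -5,4 +5,5 @@ from flask_sqlalchemy import SQLAlchemy
 
 db = SQLAlchemy()
 login_manager = LoginManager()
+login_manager.session_protection = "strong"
 migrate = Migrate(db=db)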
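Review bot: `login_manager.session_protection = "strong"` makes Flask-Login tie each session to the client's remote address and user agent, so the hardening only works as intended if the app sees the real client address; behind a reverse proxy without something like Werkzeug's ProxyFix (not visible in this hunk, so I cannot tell) every client shares the proxy's address and the check degrades to a user-agent comparison. The flip side is that clients whose address legitimately changes, such as mobile users, are logged out on every change, because strong mode discards the whole session on a mismatch instead of merely marking it non-fresh as basic mode does. Both consequences deserve a comment on the line, e.g. `# "strong": session is discarded on IP/user-agent mismatch; needs the real client address when behind a proxy`.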

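--- a/server.py
+++ b/server.py
@@ -83,6 +83,9 @@ def create_app() -> Flask:
 
     # to avoid conflict with other cookie
     app.config["SESSION_COOKIE_NAME"] = "slapp"
+    if URL.startswith("https"):
+        app.config["SESSION_COOKIE_SECURE"] = True
+    app.config["SESSION_COOKIE_SAMESITE"] = "strict"
 
     init_extensions(app)
     register_blueprints(app)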
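Review bot: `SESSION_COOKIE_SECURE` is gated on a plain prefix check of `URL` on the first added line, so a deployment that terminates TLS at a proxy while `URL` is configured with an http scheme, or that spells the scheme in upper case, ends up sending the session cookie without the Secure flag; `urlsplit(URL).scheme.lower() == "https"` is the precise test, whereas `startswith("https")` also accepts any scheme that merely begins with those letters. If the app issues Flask-Login remember-me cookies they are governed by the separate `REMEMBER_COOKIE_SECURE` (and, on newer Flask-Login, `REMEMBER_COOKIE_SAMESITE`) settings and would need the same treatment, which this hunk does not add. With SameSite=Strict the browser withholds the session cookie on the first top-level navigation from another site, so a user following a link from e-mail or an external identity provider lands on a logged-out page; that may be acceptable here, but it should be stated on the line, e.g. `# Strict: cookie is not sent on cross-site navigations, so external links open logged out`. `create_app()` begins before this hunk, and where `URL` is defined is not visible.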