Hi all,
I am looking into how to set the httponly attributes on the auth and
session cookie.
Here is my current configuration:
# webapp2 config
app_config = {
    'webapp2_extras.sessions': {
        'cookie_name': '__session__',
        'secret_key': login.secrets.SESSION_KEY,
        'cookie_args': {
            'max_age': 30 * 24 * 60 * 60
        }
    },
    'webapp2_extras.auth': {
        'cookie_name': '__auth__',
        # Use with 'remember' flag to make persistent cookies
        'token_max_age': 30 * 24 * 60 * 60,
        'user_attributes': []
    },
    'webapp2_extras.jinja2': {
        'template_path': JINJA_TEMPLATE_ROOT
    }
}
Here are my observations so far:
1) I can introduce 'httponly' to __session__ via cookie_args. However, for
some reason, my client-side HTML page keeps reloading itself after this
change.
2) In the documentation, there is no mention of cookie attributes for the
__auth__ cookie.
I am looking for any suggestions/pointers to help set 'httponly' on these two
cookies.
Thanks
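
An added example, not part of the original post: a check that the `HttpOnly` flag is actually present on the `__session__` and `__auth__` cookies a response sets, whatever configuration produced them. The header values are constructed samples, and the function names are hypothetical.

```python
# Added example: audit Set-Cookie header values for the HttpOnly flag.
# Function names are hypothetical; the sample headers below are constructed.

COOKIES_TO_CHECK = ("__session__", "__auth__")  # cookie names from the config above
REQUIRED_FLAGS = ("httponly",)


def parse_set_cookie(header_value):
    """Return (name, attrs) for one Set-Cookie header value.

    attrs maps lower-cased attribute names to their value, or to True for
    valueless flags such as HttpOnly.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header_value)
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if sep else True
    return name, attrs


def missing_flags(set_cookie_headers, names=COOKIES_TO_CHECK, required=REQUIRED_FLAGS):
    """Map each cookie name to the list of required flags it lacks.

    A cookie that is never set maps to None, so it is not mistaken for a pass.
    """
    report = {name: None for name in names}
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name in report:
            report[name] = [f for f in required if attrs.get(f) is not True]
    return report


# Constructed Set-Cookie values: the session cookie carries HttpOnly, the auth one does not.
SAMPLE_HEADERS = [
    '__session__="eyJmb28iOiJiYXIifQ==|1400000000|0123abcd"; Max-Age=2592000; Path=/; HttpOnly',
    '__auth__="eyJfdXNlciI6WzFdfQ==|1400000000|4567ef01"; Max-Age=2592000; Path=/',
    'other=1; Path=/; HttpOnly',
]

if __name__ == "__main__":
    for cookie, flags in sorted(missing_flags(SAMPLE_HEADERS).items()):
        print(cookie, "not set" if flags is None else (flags or "ok"))
```
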