> For sessions, there is session.secure() to set the session cookies to 
> secure, is there a similar method to setting the httponly option for 
> session cookies?
>

No.
 

> Also for regular cookies, the following would make the cookie secure
>
> response.cookies['mycookie']['secure'] = True
>
>
> So is there something similar you can do to set HttpOnly to true?
>

You should be able to do:

response.cookies['mycookie']['httponly'] = True

and for the session cookie:

response.cookies[response.session_id_name]['httponly'] = True

Does that work?

Anthony
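
The following is an added example, not part of the original thread and not web2py's own code. It assumes response.cookies behaves like a standard-library SimpleCookie, sets the flags with the same item assignment shown above, and checks the resulting Set-Cookie values; the helper names, cookie names and values are constructed for illustration.

```python
from http.cookies import SimpleCookie

def harden(cookies, names=None, secure=True):
    """Set HttpOnly (and optionally Secure) on the named cookies, or on all of them."""
    for name in (names or list(cookies)):
        morsel = cookies[name]
        morsel['httponly'] = True      # same assignment as in the reply above
        if secure:
            morsel['secure'] = True
    return cookies

def set_cookie_values(cookies):
    """Render each cookie the way it would appear after 'Set-Cookie: '."""
    return [morsel.OutputString() for morsel in cookies.values()]

def missing_flags(header_values, required=('httponly', 'secure')):
    """Map cookie name -> required attributes absent from its Set-Cookie value."""
    report = {}
    for value in header_values:
        parts = value.split(';')
        name = parts[0].split('=', 1)[0].strip()
        # Attribute names are case-insensitive; flags carry no '=value' part.
        attrs = {p.strip().split('=', 1)[0].lower() for p in parts[1:]}
        absent = [flag for flag in required if flag not in attrs]
        if absent:
            report[name] = absent
    return report

def demo():
    cookies = SimpleCookie()                       # stand-in for response.cookies
    cookies['mycookie'] = 'value'                  # constructed sample cookie
    cookies['session_id_app'] = 'constructed-id'   # constructed session cookie
    cookies['session_id_app']['path'] = '/'
    before = missing_flags(set_cookie_values(cookies))
    harden(cookies)
    after = missing_flags(set_cookie_values(cookies))
    return before, after, set_cookie_values(cookies)

if __name__ == '__main__':
    before, after, rendered = demo()
    print('missing before:', before)
    print('missing after: ', after)
    for line in rendered:
        print('Set-Cookie:', line)
```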
