Merge pull request #171 from SibrenVasse/secure_cookie

Session cookie flags.
2025-10-31 02:26:34 +08:00 · 2020-05-09 18:03:15 +02:00 · 2020-05-09 18:03:15 +02:00 · 16d8737770
commit 16d8737770
parent e23887bb37 e7c3a127b8
2 changed files with 4 additions and 0 deletions
--- a/app/extensions.py
+++ b/app/extensions.py
@ -5,4 +5,5 @@ from flask_sqlalchemy import SQLAlchemy

 db = SQLAlchemy()
 login_manager = LoginManager()
+login_manager.session_protection = "strong"
 migrate = Migrate(db=db)
--- a/server.py
+++ b/server.py
@ -83,6 +83,9 @@ def create_app() -> Flask:

    # to avoid conflict with other cookie
    app.config["SESSION_COOKIE_NAME"] = "slapp"
+    if URL.startswith("https"):
+        app.config["SESSION_COOKIE_SECURE"] = True
+    app.config["SESSION_COOKIE_SAMESITE"] = "strict"

    init_extensions(app)
    register_blueprints(app)