Set samesite and secure attributes of session cookie. Enable strong session protection.

2025-02-25 00:03:03 +08:00 · 2020-05-09 14:13:37 +02:00 · 2020-05-09 14:13:37 +02:00 · e7c3a127b8
commit e7c3a127b8
parent 0e4799030d
2 changed files with 4 additions and 0 deletions
--- a/app/extensions.py
+++ b/app/extensions.py
@ -5,4 +5,5 @@ from flask_sqlalchemy import SQLAlchemy

 db = SQLAlchemy()
 login_manager = LoginManager()
+login_manager.session_protection = "strong"
 migrate = Migrate(db=db)
--- a/server.py
+++ b/server.py
@ -83,6 +83,9 @@ def create_app() -> Flask:

    # to avoid conflict with other cookie
    app.config["SESSION_COOKIE_NAME"] = "slapp"
+    if URL.startswith("https"):
+        app.config["SESSION_COOKIE_SECURE"] = True
+    app.config["SESSION_COOKIE_SAMESITE"] = "strict"

    init_extensions(app)
    register_blueprints(app)