
Session security considerations in Django - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the purpose of using secure cookies in Django sessions?
Setting SESSION_COOKIE_SECURE = True adds the Secure attribute to the session cookie, so the browser only sends it over HTTPS. Without it, an attacker on the network who can get the browser to make a plain-HTTP request to the site can read the session ID in transit. Pair it with SECURE_SSL_REDIRECT or HSTS (SECURE_HSTS_SECONDS) so the site is never served over HTTP at all.
beginner
How does Django's SESSION_COOKIE_HTTPONLY setting improve session security?
Setting SESSION_COOKIE_HTTPONLY to True (Django's default) adds the HttpOnly attribute, so document.cookie cannot read the session cookie. This stops a cross-site scripting (XSS) payload from exfiltrating the session ID, but it does not stop that payload from making authenticated requests from the victim's browser, so it limits the damage from XSS rather than preventing it.
intermediate
Why should session expiration be configured carefully in Django?
A session stays valid for SESSION_COOKIE_AGE (default two weeks) unless SESSION_EXPIRE_AT_BROWSER_CLOSE = True, and request.session.set_expiry() can shorten it per session. A shorter lifetime narrows the window in which a stolen or leaked session ID can be replayed. Note that expiry on browser close is enforced by the browser, not the server, and that with the database backend expired rows are only removed when clearsessions runs.
intermediate
What is session fixation and how can Django help prevent it?
Session fixation is an attack in which the attacker gets a session ID they already know into the victim's browser before login, then uses that ID once the victim has authenticated. Django's django.contrib.auth.login() defends against this by calling request.session.cycle_key() when no user was logged in (or flush() if a different user was), which keeps the session data but moves it under a freshly generated key and deletes the old one, so the planted key stops working. Call cycle_key() yourself if you authenticate users without login(), or after a privilege change such as a password or role update.
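To make the fixation defence concrete, here is an added example (not from this page or from Django's code base) with an in-memory session store whose cycle_key() and flush() mirror what Django's SessionBase does, and two login functions: one that keeps the pre-login key (vulnerable) and one that follows the check in django.contrib.auth.login(). The store, the helper names and the user IDs are constructed for the demonstration.

```python
# Added example: session fixation against a store that does and does not rotate keys on login.
import secrets

AUTH_USER_KEY = "_auth_user_id"   # the session key Django uses for the logged-in user's ID


class SessionStore:
    """Tiny server-side session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}   # session_key -> session data dict

    def create(self):
        key = secrets.token_hex(16)
        self._sessions[key] = {}
        return key

    def get(self, cookie_key):
        # Like Django, a key the server never issued is not adopted: start a fresh session.
        if cookie_key not in self._sessions:
            cookie_key = self.create()
        return cookie_key, self._sessions[cookie_key]

    def cycle_key(self, old_key):
        # Mirrors SessionBase.cycle_key(): keep the data, new key, delete the old key.
        data = self._sessions.pop(old_key)
        new_key = secrets.token_hex(16)
        self._sessions[new_key] = data
        return new_key

    def flush(self, old_key):
        # Mirrors SessionBase.flush(): drop the data and start an empty session.
        self._sessions.pop(old_key, None)
        return self.create()

    def user_for(self, key):
        return self._sessions.get(key, {}).get(AUTH_USER_KEY)


def login_without_rotation(store, cookie_key, user_id):
    """Vulnerable: authenticates whatever session the browser presented."""
    key, data = store.get(cookie_key)
    data[AUTH_USER_KEY] = user_id
    return key


def login_with_rotation(store, cookie_key, user_id):
    """What django.contrib.auth.login() does: flush if another user owned the session,
    cycle the key if nobody was logged in, then mark the session as authenticated."""
    key, data = store.get(cookie_key)
    if AUTH_USER_KEY in data and data[AUTH_USER_KEY] != user_id:
        key = store.flush(key)
    elif AUTH_USER_KEY not in data:
        key = store.cycle_key(key)
    _, data = store.get(key)
    data[AUTH_USER_KEY] = user_id
    return key


def run_fixation(login):
    """Return (attacker_gets_victim_session, victim_still_logged_in)."""
    store = SessionStore()
    planted = store.create()   # attacker obtains a valid anonymous session ID from the site
    # ...and plants it in the victim's browser (the delivery mechanism is out of scope here).
    victim_key = login(store, planted, user_id=42)
    return store.user_for(planted) == 42, store.user_for(victim_key) == 42


if __name__ == "__main__":
    print("no rotation  ->", run_fixation(login_without_rotation))   # attacker wins
    print("with rotation->", run_fixation(login_with_rotation))      # planted key is dead
```

The victim is logged in either way; the only difference is whether the key the attacker knows still names the authenticated session.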
beginner
Explain the role of CSRF protection in session security within Django.
CSRF protection stops a third-party site from making the victim's browser submit state-changing requests with the victim's session cookie attached. Django's CsrfViewMiddleware requires a token (kept in the csrftoken cookie by default, or in the session when CSRF_USE_SESSIONS = True) to match the value submitted in the form or the X-CSRFToken header; because the attacker's page cannot read that token cross-origin, it cannot forge a valid request. It keeps the session from being ridden, not the cookie from being stolen, so it complements the cookie flags rather than replacing them, and CSRF_COOKIE_SECURE should be set alongside SESSION_COOKIE_SECURE.
Which Django setting ensures session cookies are only sent over HTTPS?
A. SESSION_EXPIRE_AT_BROWSER_CLOSE
B. SESSION_COOKIE_HTTPONLY
C. CSRF_COOKIE_SECURE
D. SESSION_COOKIE_SECURE

What does setting SESSION_COOKIE_HTTPONLY to True do?
A. Prevents JavaScript access to session cookies
B. Expires session cookies immediately
C. Allows cookies on all domains
D. Encrypts session data in the database

How can Django help prevent session fixation attacks?
A. By using HTTP instead of HTTPS
B. By rotating the session key after login
C. By setting SESSION_COOKIE_AGE to zero
D. By disabling sessions entirely

Why is it important to set session expiration in Django?
A. To limit how long a session stays valid
B. To allow unlimited session duration
C. To disable session cookies
D. To enable JavaScript access to cookies

What role does CSRF protection play in session security?
A. Encrypts session cookies
B. Disables session cookies
C. Prevents unauthorized commands from trusted users
D. Allows cross-site requests without tokens
Describe three key settings or practices in Django that help secure user sessions.
Think about cookie security, session lifetime, and login behavior.
Explain how session fixation attacks work and how Django defends against them.
Focus on session ID control before and after login.