Complete the code to set a secure session cookie in Django settings.
SESSION_COOKIE_[1] = True
Setting SESSION_COOKIE_SECURE to True ensures cookies are sent only over HTTPS.
Complete the code to prevent JavaScript access to session cookies.
SESSION_COOKIE_[1] = True
Setting SESSION_COOKIE_HTTPONLY to True prevents JavaScript from accessing the cookie, reducing XSS risks.
Fix the error in the middleware setting to enable session security.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    '[1]',
]
Including CsrfViewMiddleware helps protect sessions from CSRF attacks.
Fill both blanks to configure session expiration and cookie age.
SESSION_COOKIE_[1] = 1209600  # Two weeks in seconds
SESSION_EXPIRE_AT_[2] = True
SESSION_COOKIE_AGE sets how long the cookie lasts. SESSION_EXPIRE_AT_BROWSER_CLOSE makes the session end when the browser closes.
Fill all three blanks to create a secure session dictionary comprehension filtering active sessions.
active_sessions = {
    session.session_key: session
    for session in sessions
    if session.expire_date [1] timezone.now()
    and session.session_key [2] None
    and session.user_id [3] 0
}
The code filters sessions where expiration is in the future (>), session key exists (!= None), and user ID is valid (>= 0).