
Why is it important to set both SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True in a Django app served over HTTPS?

hard · Conceptual · Q10 of 15
Django - Security Best Practices
A. To allow cookies to be accessed by JavaScript on any page
B. To ensure cookies are only sent over secure connections, preventing interception
C. To make cookies expire immediately after use
D. To store cookies in the database securely
Step-by-Step Solution
Solution:
  1. Step 1: Understand cookie security over HTTPS

    Setting these flags marks the session and CSRF cookies as Secure, so the browser sends them only over HTTPS, protecting them from interception on insecure networks.
  2. Step 2: Recognize the security benefit

    This reduces the risk of session hijacking and CSRF attacks by preventing cookie exposure over plain HTTP.
  3. Final Answer:

    To ensure cookies are only sent over secure connections, preventing interception -> Option B
  4. Quick Check:

    Secure cookies protect data in transit [OK]
Quick Trick: Secure cookies prevent interception on insecure networks [OK]
Common Mistakes:
  • Thinking secure means JavaScript access
  • Confusing cookie expiration with security flags
  • Assuming cookies are stored in database automatically
