[Solved] Given the following Django settings snippet, what will happen when a user accesses the site over HTTP?SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True CSRF_COOKIE_SECURE = True | Django

Django - Security Best Practices

Given the following Django settings snippet, what will happen when a user accesses the site over HTTP?

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

AThe user will be redirected to the HTTPS version of the site

BThe session cookie will be sent over HTTP

CCSRF protection will be disabled

DThe site will allow HTTP access without redirection

Step-by-Step Solution

Solution:

Step 1: Understand SECURE_SSL_REDIRECT = True
This setting forces Django to redirect all HTTP requests to HTTPS automatically.
Step 2: Analyze cookie settings
Both SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE ensure cookies are only sent over HTTPS, but the redirect happens first.
Final Answer:
The user will be redirected to the HTTPS version of the site -> Option A
Quick Check:
SECURE_SSL_REDIRECT = True causes HTTPS redirect [OK]

Quick Trick: HTTPS redirect happens before cookies are sent [OK]

Common Mistakes:

MISTAKES

Master "Security Best Practices" in Django

9 interactive learning modes - each teaches the same concept differently

More Django Quizzes

Given the following Django settings snippet, what will happen when a user accesses the site over HTTP?