medium📝 component behavior Q4 of 15
Django - Security Best Practices
Given the following Django settings snippet:
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = False

What happens when a user accesses the site over HTTP?
A. Neither session nor CSRF cookies are sent
B. Both session and CSRF cookies are sent
C. Session cookie is sent, CSRF cookie is not sent
D. Session cookie is not sent, CSRF cookie is sent
Step-by-Step Solution
Solution:
  1. Step 1: Analyze SESSION_COOKIE_SECURE behavior

    SESSION_COOKIE_SECURE = True means the session cookie is sent only over HTTPS, so over HTTP it is not sent.
  2. Step 2: Analyze CSRF_COOKIE_SECURE behavior

    CSRF_COOKIE_SECURE = False means the CSRF cookie can be sent over HTTP or HTTPS, so it is sent over HTTP.
  3. Final Answer:

    Session cookie is not sent, CSRF cookie is sent -> Option D
  4. Quick Check:

    SESSION_COOKIE_SECURE blocks HTTP, CSRF_COOKIE_SECURE allows HTTP [OK]
Quick Trick: Secure cookie blocks HTTP; non-secure cookie allows HTTP [OK]
Common Mistakes:
  • Assuming all cookies block HTTP if one does
  • Confusing the CSRF cookie security flag
  • Thinking cookies are always sent regardless of HTTPS
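
The solution above, traced in code as an added example (not part of the original quiz): Python's standard-library CookieJar stands in for the browser, and the host example.test and the cookie values are constructed for illustration.

```python
"""Added example: which cookies a client returns under each settings pair.

Assumption: the standard-library CookieJar stands in for a browser, and the
host example.test and the cookie values are constructed for illustration.
"""
import urllib.request
from http.cookiejar import Cookie, CookieJar

QUIZ_SETTINGS = {"SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": False}
HARDENED_SETTINGS = {"SESSION_COOKIE_SECURE": True, "CSRF_COOKIE_SECURE": True}


def _cookie(name, value, secure):
    # Version-0 (Netscape-style) cookie scoped to example.test, path "/".
    return Cookie(
        version=0, name=name, value=value, port=None, port_specified=False,
        domain="example.test", domain_specified=False, domain_initial_dot=False,
        path="/", path_specified=True, secure=secure, expires=None,
        discard=True, comment=None, comment_url=None, rest={},
    )


def cookies_sent(settings, url):
    """Return the sorted names of cookies the client attaches to a request for url."""
    jar = CookieJar()
    # Django's default cookie names; the Secure attribute follows the settings.
    jar.set_cookie(_cookie("sessionid", "constructed-session", settings["SESSION_COOKIE_SECURE"]))
    jar.set_cookie(_cookie("csrftoken", "constructed-token", settings["CSRF_COOKIE_SECURE"]))
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)  # applies the Secure/domain/path checks
    header = request.get_header("Cookie") or ""
    return sorted(pair.split("=", 1)[0] for pair in header.split("; ") if pair)


if __name__ == "__main__":
    for label, settings in (("quiz", QUIZ_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        for scheme in ("http", "https"):
            url = f"{scheme}://example.test/account/"
            print(f"{label:8} {scheme:5} -> {cookies_sent(settings, url)}")
```

With CSRF_COOKIE_SECURE also set to True, the same HTTP request carries neither cookie.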
