You want to improve session security in your Flask app by ensuring cookies are only sent over HTTPS and not accessible by JavaScript. Which configuration should you add?

hard📝 Application Q15 of 15

Flask - Security Best Practices

Aapp.config.update({'SESSION_COOKIE_SECURE': true, 'SESSION_COOKIE_HTTPONLY': true})

Bapp.config.update({'SESSION_COOKIE_SECURE': false, 'SESSION_COOKIE_HTTPONLY': false})

Capp.config.update({'SESSION_COOKIE_SAMESITE': 'null'})

Dapp.config.update({'SESSION_COOKIE_DOMAIN': 'localhost'})

Step-by-Step Solution

Solution:

Step 1: Understand cookie security flags
SESSION_COOKIE_SECURE=true ensures cookies are sent only over HTTPS, and SESSION_COOKIE_HTTPONLY=true prevents JavaScript access.
Step 2: Evaluate other options
A sets domain but not security flags, B disables security flags, C changes SameSite but not HTTPS or HttpOnly.
Final Answer:
app.config.update({'SESSION_COOKIE_SECURE': true, 'SESSION_COOKIE_HTTPONLY': true}) -> Option A
Quick Check:
Secure and HttpOnly cookies = D [OK]

Quick Trick: Set SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY to true [OK]

Common Mistakes:

MISTAKES

Setting SESSION_COOKIE_SECURE to false
Confusing SameSite with Secure and HttpOnly flags
Not setting HttpOnly to prevent JavaScript access

Master "Security Best Practices" in Flask

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Perf

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More Flask Quizzes

You want to improve session security in your Flask app by ensuring cookies are only sent over HTTPS and not accessible by JavaScript. Which configuration should you add?

Step 1: Understand cookie security flags

Step 2: Evaluate other options

Final Answer:

Quick Check:

Want More Practice?