Bird
0
0

What will happen if you set SESSION_COOKIE_SECURE = True but run your Flask app on HTTP?

medium📝 component behavior Q4 of 15
Flask - Security Best Practices
What will happen if you set SESSION_COOKIE_SECURE = True but run your Flask app on HTTP?
ASession cookies will be sent over HTTP and HTTPS as usual
BSession cookies will only be sent over HTTPS, so no cookies sent over HTTP
CThe app will raise an error and refuse to start
DSession cookies will be encrypted automatically
Step-by-Step Solution
Solution:

  1. Step 1: Understand SESSION_COOKIE_SECURE behavior

    This flag ensures cookies are sent only over HTTPS connections.

  2. Step 2: Consider running on HTTP

    If app runs on HTTP, cookies with this flag won't be sent, causing session loss.

  3. Final Answer:

    Session cookies will only be sent over HTTPS, so no cookies sent over HTTP -> Option B

  4. Quick Check:

    SECURE=True blocks cookies on HTTP [OK]
Quick Trick: SECURE=True means cookies only sent on HTTPS [OK]
Common Mistakes:
MISTAKES
  • Thinking cookies still send on HTTP
  • Expecting app startup error
  • Assuming automatic encryption

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Flask Quizzes
Background Tasks - Task status monitoring - Quiz 10hard Deployment - Database migration in deployment - Quiz 5medium Flask Ecosystem and Patterns - Repository pattern for data access - Quiz 15hard Flask Ecosystem and Patterns - Flask extensions directory - Quiz 7medium Flask Ecosystem and Patterns - Flask extensions directory - Quiz 10hard Middleware and Extensions - Before_request as middleware alternative - Quiz 12easy Security Best Practices - Rate limiting for protection - Quiz 4medium Security Best Practices - SQL injection prevention - Quiz 1easy Testing Flask Applications - Coverage reporting - Quiz 10hard Testing Flask Applications - Why testing matters - Quiz 4medium