After a security report, I’ve been asked to provide a secure session cookie. I

Question

0

Asked: June 5, 20262026-06-05T04:48:20+00:00 2026-06-05T04:48:20+00:00

After a security report, I’ve been asked to provide a secure session cookie. I

0

After a security report, I’ve been asked to provide a secure session cookie.

I am using pyramid_beaker.session_factory_from_settings() and was lucky(?) to be able to set the httponly with ('session.httponly', True), but ('session.secure', True) does not provide the second option.

Is it possible to do it?

Pointers to the different session.* settings much appreciated also.

EDIT: I found a list in beaker.utils.coerce_session_params()

Thanks.

EDIT: I think i got the problem. I am using in development:

        http_server = simple_server.make_server('0.0.0.0', no_port, app)
        http_server.serve_forever()

, so the cookie is not sent because I am not in HTTPS. I need to set up an HTTPs server for this.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-05T04:48:21+00:00

Editorial Team

2026-06-05T04:48:21+00:00Added an answer on June 5, 2026 at 4:48 am

Sorry, is there a question here? It sounds like you answered the original one and are now looking at making your development setup work under https? Personally I tend to worry about that only on my staging server (where nginx handles the certificates), but in my development.ini locally I do not make cookies secure.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

After a security report, I’ve been asked to provide a secure session cookie. I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply