
I am doing server security testing, and every server security testing website tells me that cookies are being created without the Secure flag.

The message is specifically:

The cookie is missing the Secure flag, make sure it does not store sensitive information.

I am using Flask and Flask-Security for creating sessions. I've looked through the docs but cannot find anything on the secure flag.

Does anyone know if this has to be within flask-security or outside? If in flask-security, how do I add this secure flag?

l3o
  • This also comes up when using Kali Linux penetration and server information gathering tools so I'm assuming it is an exploitable weakness which could cause problems in the future. – l3o May 14 '17 at 16:09
  • It's exploitable indeed, but really hard if your domain is on the HTTPS preload list. – Avamander Jan 07 '18 at 14:07

0 Answers
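An added example, not part of the original question or its comments: the Flask and Flask-Login configuration keys that control the Secure flag, with a small standard-library check that reproduces the scanner's finding on raw `Set-Cookie` headers. The names `HARDENED_CONFIG` and `audit_set_cookie` are hypothetical, and the header values are constructed samples.

```python
from http.cookies import SimpleCookie

# Apply with app.config.update(HARDENED_CONFIG) before the app serves requests.
# SESSION_COOKIE_* are Flask settings; REMEMBER_COOKIE_* are Flask-Login settings
# (Flask-Security relies on Flask-Login for the "remember me" cookie).
HARDENED_CONFIG = {
    "SESSION_COOKIE_SECURE": True,     # session cookie only sent over HTTPS
    "SESSION_COOKIE_HTTPONLY": True,   # not readable from JavaScript
    "REMEMBER_COOKIE_SECURE": True,    # same for the remember-me cookie
    "REMEMBER_COOKIE_HTTPONLY": True,
}

REQUIRED_FLAGS = ("secure", "httponly")


def audit_set_cookie(headers):
    """Return {cookie_name: [missing flags]} for raw Set-Cookie header values."""
    findings = {}
    for raw in headers:
        jar = SimpleCookie()
        jar.load(raw)  # parses "name=value; Attr; Attr=value"
        for name, morsel in jar.items():
            missing = [flag for flag in REQUIRED_FLAGS if not morsel[flag]]
            if missing:
                findings[name] = missing
    return findings


# Constructed headers: what a scanner would see before and after the change.
BEFORE = [
    "session=eyJ1aWQiOjF9.constructed.sig; HttpOnly; Path=/",
    "remember_token=1|constructed; Path=/",
]
AFTER = [
    "session=eyJ1aWQiOjF9.constructed.sig; Secure; HttpOnly; Path=/",
    "remember_token=1|constructed; Secure; HttpOnly; Path=/",
]

if __name__ == "__main__":
    print("before:", audit_set_cookie(BEFORE))
    print("after: ", audit_set_cookie(AFTER))
```

Once the Secure flag is set, browsers do not return these cookies over plain HTTP, so the site has to be served over HTTPS for sessions to keep working.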