Secure Setting for Django `SESSION_COOKIE_SECURE` flag
This codemod will set Django's SESSION_COOKIE_SECURE flag to True if it's False or missing on the settings.py file within Django's default directory structure.
+ SESSION_COOKIE_SECURE = True
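Review bot: the added `SESSION_COOKIE_SECURE = True` is unconditional, so any environment that still serves this project over plain HTTP will stop receiving the session cookie and users there will not stay logged in. Confirm that every deployment using this settings file is reached over HTTPS, or derive the value from per-environment configuration, and add a short comment above the line saying why the flag is set.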
Setting this flag on ensures that the session cookies are only sent under an HTTPS connection. Leaving this flag off may enable an attacker to use a sniffer to capture the unencrypted session cookie and hijack the user's session.
🧚🤖 Powered by Pixeebot
Codemod ID: pixee:python/django-session-cookie-secure-off
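The condition described above (flag set to False or missing from settings.py) can also be checked read-only, for example in CI. The following is an added example, not Pixee's code or part of this pull request; the function names, the sample settings sources and the `HTTPS_ONLY` variable are constructed for illustration.

```python
import ast

FLAG = "SESSION_COOKIE_SECURE"

def audit_settings(source: str) -> str:
    """Return 'secure', 'insecure', 'missing' or 'dynamic' for a settings module."""
    verdict = "missing"  # Django's default for this flag is False
    for node in ast.parse(source).body:  # module-level statements only
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == FLAG for t in targets):
            continue
        # A later assignment overrides an earlier one, so keep the last verdict.
        if isinstance(value, ast.Constant) and isinstance(value.value, bool):
            verdict = "secure" if value.value else "insecure"
        else:
            verdict = "dynamic"  # computed at import time: review by hand
    return verdict

def needs_fix(source: str) -> bool:
    """True when the session cookie would be sent without the Secure attribute."""
    return audit_settings(source) in ("missing", "insecure")

# Constructed settings.py contents, not taken from any real project.
SAMPLES = {
    "missing": "DEBUG = False\nSESSION_COOKIE_HTTPONLY = True\n",
    "off": "SESSION_COOKIE_SECURE = False\n",
    "on": "SESSION_COOKIE_SECURE = True\n",
    "overridden": "SESSION_COOKIE_SECURE = True\nSESSION_COOKIE_SECURE = False\n",
    # HTTPS_ONLY is a hypothetical environment variable name.
    "env": "import os\nSESSION_COOKIE_SECURE = os.environ.get('HTTPS_ONLY') == '1'\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:10} {audit_settings(src):9} needs_fix={needs_fix(src)}")
```

Assignments nested inside `if` blocks or imported from another settings module are not followed, so a `missing` result on a split settings layout needs a manual look.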
I'm confident in this change, but I'm not a maintainer of this project. Do you see any reason not to merge it?
If this change was not helpful, or you have suggestions for improvements, please let me know!
Just a friendly ping to remind you about this change. If there are concerns about it, we'd love to hear about them!
This change may not be a priority right now, so I'll close it. If there was something I could have done better, please let me know!
You can also customize me to make sure I'm working with you in the way you want.