From ad33b54081c1a81e698cf66da0eff50a2e7d0e54 Mon Sep 17 00:00:00 2001
From: nemo
Date: Thu, 9 Nov 2023 12:08:21 +0100
Subject: [PATCH] Added Secure Session Cookies

---
 apimanager/apimanager/settings.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/apimanager/apimanager/settings.py b/apimanager/apimanager/settings.py
index 445de42c..c3501fb6 100644
--- a/apimanager/apimanager/settings.py
+++ b/apimanager/apimanager/settings.py
@@ -282,6 +282,13 @@
 # Always save session$
 SESSION_SAVE_EVERY_REQUEST = True
 
+# Session Cookie Settings
+SESSION_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+SESSION_COOKIE_AGE = 300
+SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
+
+
 # Paths on API_HOST to OAuth
 OAUTH_TOKEN_PATH = '/oauth/initiate'
 OAUTH_AUTHORIZATION_PATH = '/oauth/authorize'
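Review bot: The added `SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"` line moves session state out of server-side storage and into the cookie itself, which the Secure/HttpOnly flags do not require and which changes the security model. With this backend the payload is signed with `SECRET_KEY` but not encrypted, so anything kept in `request.session` is readable by whoever holds the cookie, and logout cannot revoke a captured copy; it stays valid until `SESSION_COOKIE_AGE` runs out. What the views store in the session is not visible in this hunk, but if it includes API or OAuth tokens (the OAuth paths just below suggest it may) I would drop this line and keep the server-side backend, since `SESSION_COOKIE_SECURE`, `SESSION_COOKIE_HTTPONLY` and `SESSION_COOKIE_AGE` apply to every backend. If the cookie backend is intended, a comment such as `# signed, not encrypted: keep secrets out of request.session; rotate SECRET_KEY if it leaks` would record the constraint. The hunk sits mid-file, so whether `SESSION_ENGINE` or `SESSION_SERIALIZER` is also set elsewhere in settings.py cannot be confirmed from here.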