
Django HTTPS Settings: Why Does Setting Both SESSION_SAVE_EVERY_REQUEST And SESSION_COOKIE_SECURE Break Sessions?

I'm trying to lock my Django app down to only HTTPS access. Everything seems to work fine if only SESSION_SAVE_EVERY_REQUEST is True or if only SESSION_COOKIE_SECURE is True, but i

Solution 1:

Found it! I needed to set a setting to convince Django that I am really on HTTPS even though I'm hiding behind nginx:

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')

Reference: https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
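
An added example (not part of the original answer, and not Django's own code): a simplified model of the scheme decision that SECURE_PROXY_SSL_HEADER controls, showing that the setting only takes effect when its key matches the header nginx actually forwards. The function names and sample environs are constructed for illustration.

```python
# Simplified model (an assumption, not Django's source) of how the scheme of a
# proxied request is decided once SECURE_PROXY_SSL_HEADER is configured.

SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https')  # value from the answer


def wsgi_key(header_name):
    """Map an HTTP header name to its key in the WSGI environ / request.META."""
    return 'HTTP_' + header_name.upper().replace('-', '_')


def effective_scheme(environ, proxy_setting=None):
    """Return the scheme ('https' or 'http') the application sees for a request."""
    if proxy_setting:
        key, secure_value = proxy_setting
        value = environ.get(key)
        if value is not None:
            # Header present: it alone decides, in either direction.
            return 'https' if value.strip() == secure_value else 'http'
    # No setting, or header absent: fall back to the proxy -> app hop,
    # which is plain HTTP when nginx terminates TLS.
    return environ.get('wsgi.url_scheme', 'http')


def proxied_environ(forwarded_headers):
    """Constructed sample: the environ the app receives from a TLS-terminating proxy."""
    environ = {'wsgi.url_scheme': 'http'}
    for name, value in forwarded_headers.items():
        environ[wsgi_key(name)] = value
    return environ


if __name__ == '__main__':
    cases = [
        ('setting unset', {'X-Forwarded-Protocol': 'https'}, None),
        ('setting matches header', {'X-Forwarded-Protocol': 'https'}, SECURE_PROXY_SSL_HEADER),
        ('proxy sends other name', {'X-Forwarded-Proto': 'https'}, SECURE_PROXY_SSL_HEADER),
        ('client came over http', {'X-Forwarded-Protocol': 'http'}, SECURE_PROXY_SSL_HEADER),
    ]
    for label, headers, setting in cases:
        print(f'{label:24} -> {effective_scheme(proxied_environ(headers), setting)}')
```

The Django documentation for this setting requires that the proxy strip or overwrite this header on every incoming request, so that the value the application reads is always the one the proxy set.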
