How to set an HTTPONLY cookie in Flask
set_cookie() (docs) under Flask APIs. It provides options for setting a HTTPONLY cookie using its
httponly option. For example, the following code will set a HTTPONLY cookie:
set_cookie("name", value = "value", httponly = True)
Flask provides a configuration value
SESSION_COOKIE_HTTPONLY which controls whether cookies are set to be http only. By default, however, it is set to
True, so unless it's explicitly set to
False, cookies will be http only.