Insecure cookie settings can cause cookies to be transmitted over unencrypted connections. Even if a cookie doesn't contain sensitive data now, sensitive data could be added to it later. It's good practice to mark every cookie with the Secure attribute so that all cookies are transmitted only through secure channels.
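def secure_cookie_noncompliant():
    """Print a ``Set-Cookie`` header for a cookie without the Secure attribute.

    This is the page's counter-example and is kept insecure on purpose; do
    not copy it into application code. The listing's line-number gutter has
    been removed so the function is valid Python.

    Returns:
        None. The header line is written to standard output.
    """
    from http.cookies import SimpleCookie

    cookie = SimpleCookie()
    cookie['sample'] = "sample_value"
    # Noncompliant: a falsy 'secure' value leaves the Secure attribute out of
    # the emitted header, so a browser may send this cookie over plain HTTP,
    # where it can be read or modified in transit.
    cookie['sample']['secure'] = 0
    print(cookie)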
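def secure_cookie_compliant():
    """Print a ``Set-Cookie`` header for a cookie marked with the Secure attribute.

    The listing's line-number gutter has been removed so the function is
    valid Python.

    Returns:
        None. The header line is written to standard output.
    """
    from http.cookies import SimpleCookie

    cookie = SimpleCookie()
    cookie['sample'] = "sample_value"
    # Compliant: a truthy 'secure' value adds the Secure attribute, which
    # tells the browser to send this cookie only over HTTPS.
    # NOTE(review): Secure covers transport only. HttpOnly and SameSite are
    # separate attributes and should be reviewed for session or auth cookies.
    cookie['sample']['secure'] = True
    print(cookie)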