Cookie settings are controlled by next variables in the environment
COOKIE_NAME: string
Unique sID of the cookie.
COOKIE_SECRET: string
This is the secret that's used to encrypt the data of the cookie. The session data itself is persisted in the database until logout happens or it simply expires.
COOKIE_DOMAIN: string
Defines the host to which the cookie will be sent.
Only the current domain can be set as the value, or a domain of a higher order, unless it is a public suffix. Setting the domain will make the cookie available to it, as well as to all its subdomains.
COOKIE_HTTP_ONLY: boolean
Forbids JavaScript from accessing the cookie, for example, through the Document.cookieproperty. Note that a cookie that has been created with HttpOnly will still be sent with JavaScript-initiated requests, for example, when calling XMLHttpRequest.send() or fetch(). This mitigates attacks against cross-site scripting (XSS).
SESSION_EXPIRATION_MSC: number
Number of miliseconds after which session becomes invalid and requires a new authentication from the client/user.
COOKIE_SECURE: boolean
Boolean that indicates if the cookie is sent to the server only when a request is made with the https: scheme, and therefore, is more resistant to man-in-the-middle attacks.
