id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
31260	Enable cookie security if HTTPS is explicitly indicated in settings.	Adam Yala	nobody	"Per this conversation
https://forum.djangoproject.com/t/why-are-cookie-secure-settings-defaulted-to-false/
on forum.djangoproject.com with Adam Johnson, the goal of this ticket is to help improve Django's default security. 

By default, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE are set to False.

The purpose of this ticket is to set SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True if either SECURE_SSL_REDIRECT or SECURE_HSTS_SECONDS is enabled."	Cleanup/optimization	closed	Core (Other)	3.0	Normal	wontfix	ssl https cookie settings	Adam Johnson	Unreviewed	0	0	0	0	0	0
