src/authentic2/middleware.py

@@ -264,7 +264,14 @@ class CookieTestMiddleware(MiddlewareMixin):
     def process_response(self, request, response):
         if not self.check(request):
             # set test cookie for 1 year
-            response.set_cookie(self.COOKIE_NAME, '1', max_age=365 * 24 * 3600, samesite='Lax')
+            response.set_cookie(
+                self.COOKIE_NAME,
+                '1',
+                max_age=365 * 24 * 3600,
+                secure=settings.SESSION_COOKIE_SECURE,
+                httponly=True,
+                samesite='Lax',
+            )
         return response