Set Cookies httpOnly, secure; Deployment properties

app.py

@@ -174,7 +174,7 @@ def login_post():
         login_user(user)
         if user.kurs:
             success = make_response(redirect(url_for("welcome")))
-            success.set_cookie("cnsc", newcookie)
+            success.set_cookie("cnsc", value=newcookie, httponly=True, secure=True)
         return success
 
     t = dualisauth.checkUser(email, password)
@@ -197,7 +197,7 @@ def login_post():
     db.session.commit()
     login_user(new_user)
     newcookie = cookie
-    success.set_cookie("cnsc", newcookie)
+    success.set_cookie("cnsc", value=newcookie, httponly=True, secure=True)
     return success
 
 
@@ -210,8 +210,8 @@ def logout():
     db.session.commit()
     logout_user()
     red = make_response(redirect(url_for("login", code=1)))
-    red.set_cookie("cnsc", "Logged out! Your temporary token "
-                           "on our server and the cookie on your device have been deleted.")
+    red.set_cookie("cnsc", value="Logged out! Your temporary token "
+                           "on our server and the cookie on your device have been deleted.", httponly=True, secure=True)
     return red
 
 

uwsgi.ini

@@ -4,6 +4,8 @@ manage-script-name = true
 pidfile = dualhub_flask.pid
 master = true
 processes = 1
-http-socket = :2024
+http-socket = :2025
 chmod-socket = 660
 vacuum = true
+enable-threads = true
+thunder-lock = true