---
title: Set HttpOnly On Session Cookies  
impact: MEDIUM
impactDescription: prevents cookie theft via XSS
tags: cookies, httponly, xss, session, security
---

## Set HttpOnly On Session Cookies

This rule ensures high quality and security in Python and PySpark applications.

**Implementation Guidance:**
- Follow standard Python best practices (PEP 8)
- Use type hints for better clarity
- For PySpark, prefer DataFrame API over SQL strings where possible
- Ensure proper resource management (using \`with\` statements)