Section
2.1.10
Top Level
Sub Level
General
Restricting the session cookie to only the parts of the site that require the user to be authenticated will help to prevent its inadvertent disclosure.
Django
Use the SESSION_COOKIE_DOMAIN and SESSION_COOKIE_PATH settings.
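The following is an added example, not part of the original guideline or of Django itself: it compares a broad and a restricted pair of values for the two settings by applying the RFC 6265 domain and path matching rules to a few request URLs. The host names, the /account/ prefix and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Django settings.py values (constructed for this example).
BROAD = {"SESSION_COOKIE_DOMAIN": ".example.com", "SESSION_COOKIE_PATH": "/"}
RESTRICTED = {"SESSION_COOKIE_DOMAIN": None,  # host-only cookie
              "SESSION_COOKIE_PATH": "/account/"}  # hypothetical authenticated area

ORIGIN_HOST = "app.example.com"  # assumed host that sets the cookie
SAMPLE_URLS = [  # constructed request URLs
    "https://app.example.com/account/profile",
    "https://app.example.com/accounting/",
    "https://app.example.com/static/site.css",
    "https://blog.example.com/account/",
]


def domain_match(request_host, cookie_domain, origin_host=ORIGIN_HOST):
    """RFC 6265 5.1.3 domain matching; None means a host-only cookie."""
    request_host = request_host.lower()
    if cookie_domain is None:
        return request_host == origin_host.lower()
    domain = cookie_domain.lower().lstrip(".")
    return request_host == domain or request_host.endswith("." + domain)


def path_match(request_path, cookie_path):
    """RFC 6265 5.1.4 path matching."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def urls_receiving_cookie(settings, urls=SAMPLE_URLS):
    """Return the URLs to which a browser would attach the session cookie."""
    sent = []
    for url in urls:
        parts = urlsplit(url)
        if (domain_match(parts.hostname or "", settings["SESSION_COOKIE_DOMAIN"])
                and path_match(parts.path or "/", settings["SESSION_COOKIE_PATH"])):
            sent.append(url)
    return sent


if __name__ == "__main__":
    print("broad:     ", urls_receiving_cookie(BROAD))
    print("restricted:", urls_receiving_cookie(RESTRICTED))
```

With the restricted values, a request for /account without the trailing slash does not carry the cookie, and views outside the configured path will not see the session, so every view that needs it must sit under that prefix.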