A secure programmatic advertising demo using Flask and HTTPS. This project focuses on implementing robust web security practices, including HTTPS (SSL/TLS), Signed Cookies, and persistent Session Tracking.
- Local HTTPS: Uses
mkcertfor a trusted local development environment. - Secure Sessions: Implements Flask
sessionfor tamper-proof visitor counting. - User Profiles: Persistent storage of user interests and visit analytics.
- Targeted Ads: Basic ad targeting logic based on user data and loyalty.
- Database Persistence: SQLite-backed user management with hashed passwords and profile tracking.
- Secure=True: Ensures cookies are only sent over encrypted HTTPS connections.
- HttpOnly=True: Prevents client-side scripts (JavaScript) from accessing session cookies, mitigating XSS attacks.
- SameSite=Lax: Protects against Cross-Site Request Forgery (CSRF) while allowing essential functionality.
- Session Signing: Uses a
SECRET_KEYto sign data, preventing users from manually editing their visit counts in the browser console.
You'll need mkcert to handle local SSL certificates.
- Windows:
choco install mkcert - macOS:
brew install mkcert - Linux (Ubuntu):
sudo apt install mkcert libnss3-tools
Run the initial setup:
mkcert -installmkcert localhost 127.0.0.1 ::1Creates localhost+2.pem and localhost+2-key.pem files.
pip install -r requirements.txtThe application uses SQLite. To manually initialize the schema using schema.sql:
sqlite3 users.db < schema.sql(Note: The app will also initialize the database automatically on startup if users.db is missing.)
python cookies.pyAccess the secure portal at: https://127.0.0.1:5001
cookies.py: Main Flask application and database models.schema.sql: Database table definitions for SQLite.users.db: Persistent database file (ignored by Git).requirements.txt: Python package dependencies..gitignore: Prevents sensitive certificates and local databases from being committed.
This project is licensed under the MIT License - see the LICENSE file for details.