diff --git a/app/models.py b/app/models.py
index 3a82c5b9..9b2d7a10 100644
--- a/app/models.py
+++ b/app/models.py
@@ -579,8 +579,8 @@ class User(UserMixin, db.Model):
 def num_content(self):
 content = 0
- content += db.session.execute(text('SELECT COUNT(id) as c FROM "post" WHERE user_id = ' + str(self.id))).scalar()
- content += db.session.execute(text('SELECT COUNT(id) as c FROM "post_reply" WHERE user_id = ' + str(self.id))).scalar()
+ content += db.session.execute(text('SELECT COUNT(id) as c FROM "post" WHERE user_id = :user_id'), {'user_id': self.id}).scalar()
+ content += db.session.execute(text('SELECT COUNT(id) as c FROM "post_reply" WHERE user_id = :user_id'), {'user_id': self.id}).scalar()
 return content
 def is_local(self):
diff --git a/config.py b/config.py
index 77733c73..f26b3fe4 100644
--- a/config.py
+++ b/config.py
@@ -42,3 +42,7 @@ class Config(object):
 SENTRY_DSN = os.environ.get('SENTRY_DSN') or None
 AWS_REGION = os.environ.get('AWS_REGION') or None
+
+ SESSION_COOKIE_SECURE = True
+ SESSION_COOKIE_HTTPONLY = True
+ SESSION_COOKIE_SAMESITE = 'Lax'
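Review bot: `num_content` has no docstring or comment recording that the two counts are bound through `:user_id` on purpose, so a later edit could drift back to string concatenation unnoticed. I would add `"""Return the number of rows in post and post_reply whose user_id is this user's id."""` under the signature and `# bound parameter: never concatenate values into text()` above the first query. Only this method is visible in the hunk (the `User` class starts outside it), so any other `text(...)` call in app/models.py that builds SQL with `+ str(...)` would need the same treatment. The `as c` alias is unused because `.scalar()` reads the first column, so it can be dropped from both statements.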
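Review bot: The added settings cover only Flask's session cookie. If the app uses Flask-Login's "remember me" feature (the `UserMixin` base in app/models.py suggests Flask-Login, but that is inferred), that cookie is configured separately and would remain without the Secure and SameSite attributes. I would add `REMEMBER_COOKIE_SECURE = True`, `REMEMBER_COOKIE_HTTPONLY = True` and `REMEMBER_COOKIE_SAMESITE = 'Lax'` next to these lines. `SESSION_COOKIE_SECURE = True` is also hard-coded while the neighbouring values come from `os.environ`, so an instance served over plain HTTP will generally not get its session cookie back from the browser. A comment such as `# requires HTTPS; session cookie is not sent over plain HTTP` would make that requirement explicit. The `Config` class body starts outside the hunk.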