Opened 11 years ago

Closed 11 years ago

#22185 closed New feature (fixed)

CSRF cookie should be configurable

Reported by: rogerhu Owned by: nobody
Component: CSRF Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POST's. To
avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.

Changes (including test and documentation) are included here:

https://github.com/django/django/pull/2387/files

Change History (1)

comment:1 by Tim Graham <timograham@…>, 11 years ago

Resolution: fixed
Status: newclosed

In 9b729ddd8f2040722971ccfb3b12f7d8162633d1:

Fixed #22185 -- Added settings.CSRF_COOKIE_AGE

Thanks Paul McMillan for the review.

Note: See TracTickets for help on using tickets.
Back to Top