Opened 5 years ago
Closed 5 years ago
#31145 closed Uncategorized (invalid)
Session cookie has always the "SameSite=Lax" header.
Reported by: | jET | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sessions | Version: | 3.0 |
Severity: | Normal | Keywords: | SameSite |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
When I use requests to test loginView, it returns 302, and in the response header set-cookie, on the sessionid line, there is always a "SameSite=Lax," before the sessionid string. This causes a client cookie parser problem.
{set-cookie: csrftoken=dsEtx2CP6rX5bhIbRmkTOv5LmciytID5t6ShQbgNMTALTnhCoXdxWQ1TcAzxQoDO; expires=Wed, 06 Jan 2021 17:01:00 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=2rtrkbnhc8m30iqs7sw4em014hr6a3ss; expires=Wed, 22 Jan 2020 17:01:00 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax, location: /, cache-control: max-age=0, no-cache, no-store, must-revalidate, private, date: Wed, 08 Jan 2020 17:01:00 GMT, vary: Cookie, content-length: 0, x-frame-options: DENY, content-type: text/html; charset=utf-8, x-content-type-options: nosniff, server: WSGIServer/0.2 CPython/3.7.6, expires: Wed, 08 Jan 2020 17:01:00 GMT}
Change History (1)
comment:1 by , 5 years ago
Component: | Uncategorized → contrib.sessions |
---|---|
Resolution: | → invalid |
Status: | new → closed |
Summary: | There always has a "SameSite=Lax" string with sessionid in response header like " SameSite=Lax,sessionid=2rtrkbnhc8m30iqs7sw4em014hr6a3ss" → Session cookie has always the "SameSite=Lax" header. |
Lax is a default value, you can change it with the SESSION_COOKIE_SAMESITE setting.
Please don't use Trac as a support channel.
Closing per TicketClosingReasons/UseSupportChannels.
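Added example (not part of the ticket, and not Django's or requests' code): in the header dump in the description, the csrftoken and sessionid cookies appear comma-joined in a single set-cookie value, so `SameSite=Lax` is the last attribute of csrftoken rather than a prefix of sessionid. The code below splits such a value back into individual cookies without breaking on the comma inside `expires`, then reports each cookie's flags; the function names are hypothetical.

```python
import re

# Value of the set-cookie entry copied from the ticket's header dump.
FOLDED = (
    "csrftoken=dsEtx2CP6rX5bhIbRmkTOv5LmciytID5t6ShQbgNMTALTnhCoXdxWQ1TcAzxQoDO; "
    "expires=Wed, 06 Jan 2021 17:01:00 GMT; Max-Age=31449600; Path=/; "
    "SameSite=Lax,sessionid=2rtrkbnhc8m30iqs7sw4em014hr6a3ss; "
    "expires=Wed, 22 Jan 2020 17:01:00 GMT; HttpOnly; Max-Age=1209600; Path=/; "
    "SameSite=Lax"
)

# A comma starts a new cookie only when it is followed by "<token>=".
# The comma in "expires=Wed, 06 Jan 2021" is followed by "06 Jan", so it is kept.
_BOUNDARY = re.compile(r",\s*(?=[!#$%&'*+\-.^_`|~0-9A-Za-z]+=)")

def split_set_cookie(folded):
    """Split a comma-joined Set-Cookie value into one string per cookie."""
    return [part.strip() for part in _BOUNDARY.split(folded) if part.strip()]

def parse_cookie(line):
    """Return (name, value, attrs); attribute names are lower-cased."""
    first, *rest = [p.strip() for p in line.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for item in rest:
        if not item:
            continue
        key, _, val = item.partition("=")
        # Flag attributes such as HttpOnly carry no value; store True for them.
        attrs[key.strip().lower()] = val.strip() if val else True
    return name, value, attrs

def audit(folded):
    """Map each cookie name to its SameSite, HttpOnly and Secure settings."""
    report = {}
    for line in split_set_cookie(folded):
        name, _value, attrs = parse_cookie(line)
        report[name] = {
            "samesite": attrs.get("samesite"),
            "httponly": bool(attrs.get("httponly", False)),
            "secure": bool(attrs.get("secure", False)),
        }
    return report

if __name__ == "__main__":
    for cookie_name, flags in audit(FOLDED).items():
        print(cookie_name, flags)
```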