Opened 5 years ago

Closed 5 years ago

#22185 closed New feature (fixed)

CSRF cookie should be configurable

Reported by: rogerhu Owned by: nobody
Component: CSRF Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Internet Explorer has the ability to block/disable persistent cookies, and corruption of the index.dat cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POSTs. To
avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.

Changes (including test and documentation) are included here:

Change History (1)

comment:1 Changed 5 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: new → closed

In 9b729ddd8f2040722971ccfb3b12f7d8162633d1:

Fixed #22185 -- Added settings.CSRF_COOKIE_AGE

Thanks Paul McMillan for the review.
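
An added illustration (not code from this ticket or from Django) of what the setting controls on the wire: a CSRF cookie emitted with a Max-Age is persistent, while one emitted with CSRF_COOKIE_AGE = None carries no lifetime attribute and is a session cookie. The cookie name csrftoken and the 31449600-second value are Django's documented defaults; the helper names and the token value are constructed for this example.

```python
from http.cookies import SimpleCookie

# Assumption: "csrftoken" is the cookie name (Django's default CSRF_COOKIE_NAME).
CSRF_COOKIE_NAME = "csrftoken"


def build_csrf_cookie(token, csrf_cookie_age):
    """Emulate the Set-Cookie value produced for a given CSRF_COOKIE_AGE.

    csrf_cookie_age is a lifetime in seconds, or None for a session cookie.
    """
    cookie = SimpleCookie()
    cookie[CSRF_COOKIE_NAME] = token
    cookie[CSRF_COOKIE_NAME]["path"] = "/"
    if csrf_cookie_age is not None:
        cookie[CSRF_COOKIE_NAME]["max-age"] = csrf_cookie_age
    return cookie[CSRF_COOKIE_NAME].OutputString()


def classify_cookie(set_cookie_value, name=CSRF_COOKIE_NAME):
    """Classify a Set-Cookie value as 'session', 'persistent' or 'absent'.

    Useful for checking, from a captured response header, which behaviour
    a deployment actually has.
    """
    cookie = SimpleCookie()
    cookie.load(set_cookie_value)
    if name not in cookie:
        return ("absent", None)
    morsel = cookie[name]
    if morsel["max-age"] != "":
        return ("persistent", int(morsel["max-age"]))
    if morsel["expires"]:
        return ("persistent", morsel["expires"])
    # No Max-Age and no Expires: the browser keeps the cookie in memory only.
    return ("session", None)


if __name__ == "__main__":
    # Constructed sample token; real tokens are random per client.
    for age in (31449600, None):
        header = build_csrf_cookie("abc123", age)
        print(age, "->", header, "->", classify_cookie(header))
```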
