Opened 11 years ago
Closed 11 years ago
#22185 closed New feature (fixed)
CSRF cookie should be configurable
Reported by: | rogerhu | Owned by: | nobody |
---|---|---|---|
Component: | CSRF | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache (i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POSTs. To avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.
Changes (including test and documentation) are included here:
In 9b729ddd8f2040722971ccfb3b12f7d8162633d1: