#22185 closed New feature (fixed)

CSRF cookie should be configurable

Reported by: rogerhu Owned by: nobody
Component: CSRF Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation:
Needs tests: Patch needs improvement:
Easy pickings: no UI/UX: no

Description

Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POST's. To
avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.

Changes (including test and documentation) are included here:

https://github.com/django/django/pull/2387/files

Change History (1)

comment:1 Changed 16 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 9b729ddd8f2040722971ccfb3b12f7d8162633d1:

Fixed #22185 -- Added settings.CSRF_COOKIE_AGE

Thanks Paul McMillan for the review.

Note: See TracTickets for help on using tickets.
Back to Top