Opened 10 years ago

Closed 10 years ago

#22185 closed New feature (fixed)

CSRF cookie should be configurable

Reported by: rogerhu
Owned by: nobody
Component: CSRF
Version: dev
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POSTs. To
avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.

Changes (including test and documentation) are included here:

https://github.com/django/django/pull/2387/files

Change History (1)

comment:1 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: new → closed

In 9b729ddd8f2040722971ccfb3b12f7d8162633d1:

Fixed #22185 -- Added settings.CSRF_COOKIE_AGE

Thanks Paul McMillan for the review.
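
What the setting changes on the wire, as an added example that is not part of the ticket or of Django's code: a persistent CSRF cookie carries a `Max-Age` (or `Expires`) attribute, while a session-based one carries neither. The sketch uses only the standard library's `http.cookies`; the helper names and the token value are hypothetical, `csrftoken` is Django's default cookie name, and 31449600 seconds is the documented default for `CSRF_COOKIE_AGE`, with `None` selecting a session cookie.

```python
from http.cookies import SimpleCookie

# Documented default for CSRF_COOKIE_AGE: 52 weeks, in seconds.
DEFAULT_CSRF_COOKIE_AGE = 60 * 60 * 24 * 7 * 52


def build_csrf_set_cookie(token, csrf_cookie_age, name="csrftoken"):
    """Stand-in (not Django code) for the Set-Cookie value a response carries.

    csrf_cookie_age=None models a session-based cookie: no Max-Age attribute
    is emitted, so the browser keeps the cookie in memory only.
    """
    jar = SimpleCookie()
    jar[name] = token
    jar[name]["path"] = "/"
    if csrf_cookie_age is not None:
        jar[name]["max-age"] = csrf_cookie_age
    return jar[name].OutputString()


def classify_cookie_lifetime(set_cookie_value, name="csrftoken"):
    """Return 'persistent', 'session' or 'absent' for the named cookie.

    Useful when checking a deployed site's response headers to confirm that
    the configured cookie age took effect.
    """
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if name not in jar:
        return "absent"
    morsel = jar[name]
    if morsel["max-age"] or morsel["expires"]:
        return "persistent"
    return "session"


if __name__ == "__main__":
    token = "constructed-token-value"  # constructed sample, not a real token
    for age in (DEFAULT_CSRF_COOKIE_AGE, None):
        header = build_csrf_set_cookie(token, age)
        print(f"CSRF_COOKIE_AGE={age!r}: {header} -> "
              f"{classify_cookie_lifetime(header)}")
```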
