Opened 4 years ago
Closed 4 years ago
#31145 closed Uncategorized (invalid)
Session cookie has always the "SameSite=Lax" header.
| Reported by: | jET | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 3.0 |
| Severity: | Normal | Keywords: | SameSite |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When I use requests test loginView, return 302 and response header set-cookie , in sessionid line, there are always have a "SameSite=Lax," before sessionid string. This causes client cookies parser problem。
{set-cookie: csrftoken=dsEtx2CP6rX5bhIbRmkTOv5LmciytID5t6ShQbgNMTALTnhCoXdxWQ1TcAzxQoDO; expires=Wed, 06 Jan 2021 17:01:00 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=2rtrkbnhc8m30iqs7sw4em014hr6a3ss; expires=Wed, 22 Jan 2020 17:01:00 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax, location: /, cache-control: max-age=0, no-cache, no-store, must-revalidate, private, date: Wed, 08 Jan 2020 17:01:00 GMT, vary: Cookie, content-length: 0, x-frame-options: DENY, content-type: text/html; charset=utf-8, x-content-type-options: nosniff, server: WSGIServer/0.2 CPython/3.7.6, expires: Wed, 08 Jan 2020 17:01:00 GMT}
Change History (1)
comment:1 by , 4 years ago
| Component: | Uncategorized → contrib.sessions |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
| Summary: | There always has a "SameSite=Lax" string with sessionid in response header like " SameSite=Lax,sessionid=2rtrkbnhc8m30iqs7sw4em014hr6a3ss" → Session cookie has always the "SameSite=Lax" header. |
Note:
See TracTickets
for help on using tickets.
Laxis a default value, you can change it with the SESSION_COOKIE_SAMESITE setting.Please don't use Trac as a support channel.
Closing per TicketClosingReasons/UseSupportChannels.