id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
33109	Testing of presence of SameSite and Secure cookies doesn't work	Adrien Carpentier	nobody	"When using the following constants in `settings.py`, as Django doc says (https://docs.djangoproject.com/en/3.1/ref/settings/#std:setting-SESSION_COOKIE_SECURE):

{{{
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
}}}

...and then when testing the presence of `SameSite` and `Secure` cookies in the responses, there is no `SameSite` neither `Secure` cookie keys.
Here is a non passing test, for example, for a user agent that should have `SameSite` and `Secure` cookies:

{{{
agent_string = ""Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.2227.0 Safari/537.36""
from django.test import Client
test_client = Client()
res = test_client.get(""/"", HTTP_USER_AGENT=agent_string)
assert res.cookies.get(self.cookie_key)[""samesite""] == ""None""
assert res.cookies.get(self.cookie_key)[""secure""]
}}}

When printing the content of the cookies (`print(res.cookies.items())`), the cookie keys are not there.

(Until 3.1 I was adding `SameSite` and `Secure` cookies in the responses through a custom middleware before Django 3.1, depending on the user agent, with the exact same passing tests. Since Django 3.1, I just removed the custom middleware and added those constants in `settings.py`)."	Bug	new	HTTP handling	3.1	Normal		cookies, samesite, secure, test		Unreviewed	0	0	0	0	0	0