Opened 2 weeks ago

Closed 2 weeks ago

#35895 closed Bug (invalid)

Password reset does not work using Safari

Reported by: Christian Thieme Owned by:
Component: contrib.auth Version: 5.1
Severity: Normal Keywords: password reset safari
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The password reset functionionality from django.contrib.auth.views do not work with the latest Safari browser.

After submitting the password reset form and receiving the email, the password reset link is invalid.

Works using Chrome or Firefox.

Verified by multiple users.

Tested on MacOS 15.0.1 and iOS 18.01.

Change History (2)

comment:1 by Christian Thieme, 2 weeks ago

It seems this problem only occurs when using a second level sub domain.

We have a service with a domain like app.example.com, here it works as expected.
Additionally we host the same django project on a demo site with a domain like app.demo.example.com.
The problem only occurs at the demo site.

comment:2 by Christian Thieme, 2 weeks ago

Resolution: invalid
Status: newclosed

I could solve it by setting SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True

Note: See TracTickets for help on using tickets.
Back to Top