Opened 3 hours ago
Closed 113 minutes ago
#35895 closed Bug (invalid)
Password reset does not work using Safari
| Reported by: | Christian Thieme | Owned by: | |
|---|---|---|---|
| Component: | contrib.auth | Version: | 5.1 |
| Severity: | Normal | Keywords: | password reset safari |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The password reset functionionality from django.contrib.auth.views do not work with the latest Safari browser.
After submitting the password reset form and receiving the email, the password reset link is invalid.
Works using Chrome or Firefox.
Verified by multiple users.
Tested on MacOS 15.0.1 and iOS 18.01.
Change History (2)
comment:1 by , 3 hours ago
comment:2 by , 113 minutes ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
I could solve it by setting SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE to True
Note:
See TracTickets
for help on using tickets.
It seems this problem only occurs when using a second level sub domain.
We have a service with a domain like app.example.com, here it works as expected.
Additionally we host the same django project on a demo site with a domain like app.demo.example.com.
The problem only occurs at the demo site.