[Django] #26783: SessionMiddleware does not correctly delete an empty session cookie when SESSION_COOKIE_PATH is set
Django
SESSION_COOKIE_PATH is set
----------------------------------+--------------------
Reporter: jdufresne | Owner: nobody
Type: Bug | Status: new
Component: contrib.sessions | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------
`SessionMiddleware` is not passing the `SESSION_COOKIE_PATH` to
`response.delete_cookie()` `path` argument. Browsers will not delete the
cookie if the path does not match. This fact is acknowledged in
[https://docs.djangoproject.com/en/dev/ref/request-
response/#django.http.HttpResponse.delete_cookie Django's documentation].
> Due to the way cookies work, path and domain should be the same values
you used in set_cookie() – otherwise the cookie may not be deleted.
Link to bug in code:
https://github.com/django/django/blob/9baf692/django/contrib/sessions/middleware.py#L38
--
Ticket URL: <https://code.djangoproject.com/ticket/26783>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
SESSION_COOKIE_PATH is set
Reporter: jdufresne | Owner: nobody
Type: Bug | Status: new
Component: contrib.sessions | Version: master
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by jdufresne):
* needs_better_patch: => 0
* has_patch: 0 => 1
* needs_tests: => 0
* needs_docs: => 0
Comment:
https://github.com/django/django/pull/6811
--
Ticket URL: <https://code.djangoproject.com/ticket/26783#comment:1>
Django
SESSION_COOKIE_PATH is set
Reporter: jdufresne | Owner: nobody
Type: Bug | Status: new
Component: contrib.sessions | Version: master
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* stage: Unreviewed => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/26783#comment:2>
Django
SESSION_COOKIE_PATH is set
Reporter: jdufresne | Owner: nobody
Type: Bug | Status: closed
Component: contrib.sessions | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"d13881bd34ff8f76b902ef5256001341d60b3161" d13881bd]:
{{{
#!CommitTicketReference repository=""
revision="d13881bd34ff8f76b902ef5256001341d60b3161"
Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion when using
SESSION_COOKIE_PATH.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/26783#comment:3>
Django
SESSION_COOKIE_PATH is set
Reporter: jdufresne | Owner: nobody
Type: Bug | Status: closed
Component: contrib.sessions | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"e725a68bcce4106fa3e1e8ecb0145ddef03d9005" e725a68b]:
{{{
#!CommitTicketReference repository=""
revision="e725a68bcce4106fa3e1e8ecb0145ddef03d9005"
[1.10.x] Fixed #26783 -- Fixed SessionMiddleware's empty cookie deletion
when using SESSION_COOKIE_PATH.
Backport of d13881bd34ff8f76b902ef5256001341d60b3161 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/26783#comment:4>