Re: [Django] #31934: SESSION_COOKIE_SAMESITE - document that unsetting "SameSite" has defaults in some browsers


Django

Aug 23, 2020, 12:51:26 AM
to django-...@googlegroups.com
#31934: SESSION_COOKIE_SAMESITE - document that unsetting "SameSite" has defaults
in some browsers
-------------------------------+--------------------------------------
Reporter: אורי | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Description changed by אורי:

Old description:

> [https://code.djangoproject.com/ticket/31933 #31933]
>
> `SESSION_COOKIE_SAMESITE` is documented (in Django 3.1) with the options
> 'Strict', 'Lax', 'None' and False. However, False means cookies will be
> sent without `SameSite`, which means some browsers (Chrome, Dolphin) will
> give it a default such as 'Lax', which is different than what used to be in
> the past. I think this default should be documented in all active
> versions of Django. Maybe it's also better to add that using False is not
> recommended.

New description:

[https://code.djangoproject.com/ticket/31933 #31933]

`SESSION_COOKIE_SAMESITE` is documented (in Django 3.1) with the options
'Strict', 'Lax', 'None' and False. However, False means cookies will be
sent without `SameSite`, which means some browsers (Chrome, Dolphin) will
give it a default such as 'Lax', which is different than what used to be in
the past. I think this default should be documented in all active versions
of Django. Maybe it's also better to add that using False is not
recommended.

Also, document that with Chrome, if you use 'None' the cookie must be
secure.

--
Ticket URL: <https://code.djangoproject.com/ticket/31934#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Aug 23, 2020, 10:23:02 PM
to django-...@googlegroups.com
#31934: SESSION_COOKIE_SAMESITE - document that unsetting "SameSite" has defaults
in some browsers
-------------------------------+--------------------------------------
Reporter: אורי | Owner: nobody
Type: Uncategorized | Status: new
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by אורי):

* cc: אורי (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/31934#comment:3>
