[Django] #28989: Allow deleting cookies using restricted cookie prefixes


Django

Jan 4, 2018, 1:38:40 PM
to django-...@googlegroups.com
#28989: Allow deleting cookies using restricted cookie prefixes
------------------------------------------+--------------------------
Reporter: Alvin Lindstam | Owner: nobody
Type: Uncategorized | Status: assigned
Component: Uncategorized | Version: 2.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------+--------------------------
When using a cookie name with a cookie prefix such as `__Secure-` or
`__Host-`, modern browsers (all except Internet Explorer) ignore the Set-
Cookie-header if it does not use the secure flag and otherwise match the
prefix's requirements.

Django's `response.delete_cookie` method always results in a Set-Cookie-
header without the secure flag, which means that it can't delete those
cookies.

It should be possible to delete those cookies, and the prefixes should be
possible to use as `SESSION_COOKIE_NAME` (they are currently not deleted
when the session is emptied).

--
Ticket URL: <https://code.djangoproject.com/ticket/28989>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Jan 4, 2018, 1:39:29 PM
to django-...@googlegroups.com
#28989: Allow deleting cookies using restricted cookie prefixes
--------------------------------+--------------------------------------
Reporter: Alvin Lindstam | Owner: nobody
Type: Uncategorized | Status: assigned
Component: Uncategorized | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by Alvin Lindstam):

* has_patch: 0 => 1


Comment:

[https://github.com/django/django/pull/9540 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/28989#comment:1>

Django

Jan 5, 2018, 11:49:48 AM
to django-...@googlegroups.com
#28989: Allow deleting cookies using restricted cookie prefixes
--------------------------------+------------------------------------
Reporter: Alvin Lindstam | Owner: nobody
Type: New feature | Status: assigned
Component: HTTP handling | Version: 2.0
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------
Changes (by Tim Graham):

* type: Uncategorized => New feature
* component: Uncategorized => HTTP handling
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/28989#comment:2>

Django

Jan 8, 2018, 2:35:51 PM
to django-...@googlegroups.com
#28989: Allow deleting cookies using restricted cookie prefixes
--------------------------------+------------------------------------
Reporter: Alvin Lindstam | Owner: nobody
Type: New feature | Status: closed
Component: HTTP handling | Version: 2.0
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"47a99d701277f6ec98e6fd220feb9c8a1e66718e" 47a99d70]:
{{{
#!CommitTicketReference repository=""
revision="47a99d701277f6ec98e6fd220feb9c8a1e66718e"
Fixed #28989 -- Fixed HttpResponse.delete_cookie() for cookies that use
__Secure/Host prefixes.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28989#comment:3>
