Include samesite and secure keys when removing session cookie#3726

matush-v · 2020-08-10T13:13:39Z

The samesite key is required on empty cookies. When a flask session is cleared, the delete cookie logic needs to set the configured samesite and secure keys.

Requires that pallets/werkzeug#1889 is merged first.

matush-v · 2020-08-10T13:32:43Z

Running pytest succeded but the full suite via tox is failing on the delete_cookie method I'm utilizing. Seems like I'll need to first update https://github.com/pallets/werkzeug/blob/b45ac05b7feb30d4611d6b754bd94334ece4b1cd/src/werkzeug/test.py#L886 to support samesite and secure

pgjones · 2020-08-10T14:34:46Z

See, pallets/werkzeug#1889 which I think is a blocker for this.

matush-v · 2020-08-24T02:45:03Z

@pgjones thanks for the reference. It definitely looks like that PR will be necessary for this functionality. I'll also need to update the werkzeug test session class to have nearly identical changes to your PR.

matush-v changed the title ~~include samesite and secure keys when removing session cookie~~ Include samesite and secure keys when removing session cookie Aug 10, 2020

matush-v mentioned this pull request Aug 24, 2020

Bugfix accept additional attributes to the delete cookie pallets/werkzeug#1889

Merged

davidism added this to the 2.0.0 milestone Oct 15, 2020

davidism force-pushed the empty-session-samesite branch from 696d1b4 to 929fa37 Compare October 15, 2020 21:07

include samesite and secure when removing session cookie

18c4fbc

davidism force-pushed the empty-session-samesite branch from 929fa37 to 18c4fbc Compare November 5, 2020 02:12

davidism merged commit 22987b6 into pallets:master Nov 5, 2020

matush-v deleted the empty-session-samesite branch November 5, 2020 02:46

github-actions Bot locked as resolved and limited conversation to collaborators Nov 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Include samesite and secure keys when removing session cookie#3726