Closed dwang159 closed 6 years ago
@dwang159 mind adding a test that demonstrates the problem? I wan't to prevent regressions on this issue and generally all tickets require a test to be merged.
Added a test as requested, mirroring one in test_cookie_domain_only
. Verified that this test fails before 63a719a
and passes after.
159 adds support for the SameSite flag in cookie sessions, but does not set this option when the cookie is created. As a result, the
session.samesite
option does not actually set the SameSite flag in many cases. This resolves the above issue.