Not working when you change SESSION_COOKIE_NAME

jotes / django-cookies-samesite

This repository contains a middleware which automatically sets SameSite attribute for session and csrf cookies in legacy versions of Django.

BSD 3-Clause "New" or "Revised" License

49 stars 35 forks source link

Not working when you change SESSION_COOKIE_NAME #5

Closed Rmaan closed 5 years ago

Rmaan commented 5 years ago

In Django we can set the session cookie name by setting SESSION_COOKIE_NAME in Django settings. Also you can change CSRF cookie name with CSRF_COOKIE_NAME.

But django-cookies-samesite will not work because 'sessionid' and 'csrftoken' is hard-coded in middleware (unless we add them inside SESSION_COOKIE_SAMESITE_KEYS).

jotes commented 5 years ago

@antoinelb Sorry, I'm busy in IRL :( I'll release the new version today.