pallets-eco / flask-session

Server side session extension for Flask
https://flask-session.readthedocs.io
BSD 3-Clause "New" or "Revised" License
501 stars 239 forks source link

Use samesite cookie attribute from Flask app configuration #130

Closed yaroslaff closed 3 years ago

yaroslaff commented 3 years ago

Added support for samesite cookie attribute, please merge it. Modified save_session() for all *SessionInterface:

    def save_session(self, app, session, response):
        ...
        samesite = self.get_cookie_samesite(app)
        ...
        response.set_cookie(app.session_cookie_name, session_id,
                            expires=expires, httponly=httponly,
                            domain=domain, path=path, secure=secure,
                            samesite=samesite)

There is an older pull request (#116); I did not notice it initially. But my request is for the current version of Flask-Session, and fixes all *SessionInterface classes.

Until Flask-Session supports samesite (if you need working samesite right now), there is a quick-n-dirty workaround to install my fork:

    pip install git+https://github.com/yaroslaff/flask-session.git@samesite

Jonathantsho commented 3 years ago

Please merge this!!!

fengsp commented 3 years ago

Fixed in #116
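
A way to check the behaviour this pull request is about, as an added example that is not part of the thread or of Flask-Session's code: it compares the session cookie in a response's `Set-Cookie` headers with Flask's `SESSION_COOKIE_*` settings. The function name `audit_session_cookie` and the sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie


def audit_session_cookie(set_cookie_headers, config):
    """Compare the session cookie in one response with Flask's cookie settings.

    set_cookie_headers: list of raw Set-Cookie header values.
    config: mapping holding Flask's SESSION_COOKIE_* keys.
    Returns a list of findings; an empty list means the cookie matches.
    """
    name = config.get("SESSION_COOKIE_NAME", "session")
    wanted = (config.get("SESSION_COOKIE_SAMESITE") or "").lower()
    morsel = None
    for raw in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(raw)
        if name in jar:
            morsel = jar[name]  # the last header for the name wins
    if morsel is None:
        return [f"no Set-Cookie header for {name!r}"]

    findings = []
    got = (morsel["samesite"] or "").lower()
    if got != wanted:
        findings.append(f"SameSite is {got or 'absent'}, config asks for {wanted or 'absent'}")
    if config.get("SESSION_COOKIE_SECURE", False) and not morsel["secure"]:
        findings.append("Secure flag missing")
    if config.get("SESSION_COOKIE_HTTPONLY", True) and not morsel["httponly"]:
        findings.append("HttpOnly flag missing")
    if got == "none" and not morsel["secure"]:
        findings.append("SameSite=None without Secure is rejected by browsers")
    return findings


# Constructed sample data: an app configured for SameSite=Lax, one response
# whose session cookie lacks the attribute and one that carries it.
CONFIG = {
    "SESSION_COOKIE_NAME": "session",
    "SESSION_COOKIE_SAMESITE": "Lax",
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
}
WITHOUT_SAMESITE = ["session=3f1c0000-constructed; Secure; HttpOnly; Path=/"]
WITH_SAMESITE = ["session=3f1c0000-constructed; Secure; HttpOnly; Path=/; SameSite=Lax"]

if __name__ == "__main__":
    print(audit_session_cookie(WITHOUT_SAMESITE, CONFIG))
    print(audit_session_cookie(WITH_SAMESITE, CONFIG))
```

In a test suite the header list can come from `response.headers.getlist("Set-Cookie")` on a Flask test-client response.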