pallets / flask

The Python micro framework for building web applications.
https://flask.palletsprojects.com
BSD 3-Clause "New" or "Revised" License

Add support for partitioned session cookies #5472

Open bookernath opened 5 months ago

bookernath commented 5 months ago

Related issue with historical context: https://github.com/pallets/werkzeug/issues/2797

Partitioned cookies are now supported in Werkzeug: https://github.com/pallets/werkzeug/pull/2855

It would be nice to have first-class support for the flask session cookie using the Partitioned flag to provide support for Chrome's CHIPS and allow sessions to continue to work within iframes.

Example usage might be:

app.config['SESSION_COOKIE_SAMESITE'] = "None"
app.config['SESSION_COOKIE_SECURE'] = True
app.config['SESSION_COOKIE_PARTITIONED'] = True # add this?

odanoburu commented 4 months ago

This is related to the warning I get on Firefox, right?

Cookie “session” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Although as I understand it, it won't break anything for me.

davidism commented 4 months ago

No, that's related to same site, which is already possible to set in the app config.

Josecespedesant commented 4 months ago

Hi! I'd like to take a look and collaborate on this issue.

I was going through the context of this issue and saw that implicitly if partitioned is set to true it should also set secure to true as mentioned here: https://github.com/pallets/werkzeug/pull/2855/files#diff-cd95d3a95564f3230d4875ac34fc9d039856b033c6b1430d5d3cc864f87cf89aL1300

Would that be the case for here as well?

davidism commented 4 months ago

Yes, but you shouldn't need to do anything extra for that, it's already how it's implemented, as you've linked to.
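The rule the last two comments settle on (Partitioned implies Secure), together with the SameSite warning quoted earlier, as an added example that is not Flask's or Werkzeug's code: a plain-Python builder for the session Set-Cookie header and an audit of an existing header. The function names and the problem messages are assumptions made for this example.

```python
"""Added example (not Flask/Werkzeug code): build and audit a "session"
Set-Cookie header under the rules discussed in this issue. Attribute
names follow the Set-Cookie header syntax; the rule that Partitioned
implies Secure mirrors the Werkzeug behaviour linked in the thread."""


def build_session_cookie(value, *, samesite="Lax", secure=False, partitioned=False):
    """Return a Set-Cookie header value for the "session" cookie.

    Browsers only accept Partitioned cookies that are also Secure, so
    secure is forced on (as Werkzeug does). SameSite=None without Secure
    is rejected by browsers, so this example refuses to emit it."""
    if partitioned:
        secure = True
    if samesite == "None" and not secure:
        raise ValueError("SameSite=None requires Secure")
    parts = [f"session={value}", "HttpOnly", "Path=/", f"SameSite={samesite}"]
    if secure:
        parts.append("Secure")
    if partitioned:
        parts.append("Partitioned")
    return "; ".join(parts)


def audit_set_cookie(header):
    """Return a list of problems a browser console would complain about."""
    pieces = [p.strip() for p in header.split(";")]
    attrs = {}
    for piece in pieces[1:]:          # pieces[0] is name=value
        key, _, val = piece.partition("=")
        attrs[key.lower()] = val
    problems = []
    if "samesite" not in attrs:
        problems.append("missing SameSite (Firefox warns; default becomes Lax)")
    elif attrs["samesite"].lower() == "none" and "secure" not in attrs:
        problems.append("SameSite=None without Secure (cookie will be rejected)")
    if "partitioned" in attrs:
        if "secure" not in attrs:
            problems.append("Partitioned without Secure (cookie will be rejected)")
        if attrs.get("samesite", "").lower() != "none":
            problems.append("Partitioned cookie needs SameSite=None to work in an iframe")
    return problems
```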