Fixed #31790 -- Fixed setting SameSite and Secure cookies flags in HttpResponse.delete_cookie().

Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies.
2025-10-23 21:59:11 +00:00 · 2020-07-16 08:16:58 +02:00
parent 156a2138db
commit 240cbb63bf
10 changed files with 66 additions and 10 deletions
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -758,8 +758,9 @@ class SessionMiddlewareTests(TestCase):
        #  Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/
        self.assertEqual(
            'Set-Cookie: {}=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; '
-            'Max-Age=0; Path=/'.format(
+            'Max-Age=0; Path=/; SameSite={}'.format(
                settings.SESSION_COOKIE_NAME,
+                settings.SESSION_COOKIE_SAMESITE,
            ),
            str(response.cookies[settings.SESSION_COOKIE_NAME])
        )
@@ -789,8 +790,9 @@ class SessionMiddlewareTests(TestCase):
        #              Path=/example/
        self.assertEqual(
            'Set-Cookie: {}=""; Domain=.example.local; expires=Thu, '
-            '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/'.format(
+            '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/; SameSite={}'.format(
                settings.SESSION_COOKIE_NAME,
+                settings.SESSION_COOKIE_SAMESITE,
            ),
            str(response.cookies[settings.SESSION_COOKIE_NAME])
        )