#25125: Add a check in the checks framework for colliding LANGUAGE_COOKIE_NAME &
SESSION_COOKIE_NAME
----------------------------------+------------------------------------
Reporter: kezabelle | Owner: kswiat
Type: New feature | Status: assigned
Component: contrib.sessions | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 1 | UI/UX: 0
----------------------------------+------------------------------------
Comment (by timgraham):
I'd update the documentation to something like "The name can be whatever
you want as long as it's different from the other cookie names in your
application."
Now that `CSRF_COOKIE_NAME` is in the mix, it makes sense to be a core
check, but having a contrib app's setting in a core check isn't ideal
(maybe practicality beats purity). While third-party apps could write a
check to verify their cookies don't collide with Django's, they couldn't
write a check to verify their cookies don't collide with other apps'.
All in all, I don't think it's common problem that would be mitigated much
by a check so I tend to favor just updating the docs and moving on (other
opinions welcome).
--
Ticket URL: <https://code.djangoproject.com/ticket/25125#comment:9>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.a46be832a1463672f361a58189f7fd6a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
