#15060: csrftoken cookie not being sent over SSL
-------------------------------------+--------------------------------------
          Reporter:  burhan          |         Owner:  nobody        
            Status:  closed          |     Milestone:                
         Component:  Core framework  |       Version:  1.2           
        Resolution:  worksforme      |      Keywords:  csrf ssl https
             Stage:  Unreviewed      |     Has_patch:  0             
        Needs_docs:  0               |   Needs_tests:  0             
Needs_better_patch:  0               |  
-------------------------------------+--------------------------------------
Changes (by lukeplant):

  * status:  new => closed
  * needs_better_patch:  => 0
  * resolution:  => worksforme
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 SESSION_COOKIE_SECURE should not be used for CSRF cookies, since there is
 no link between CSRF and sessions.

 We do need a CSRF_COOKIE_SECURE setting, but that is covered by #14134,
 and the lack of this setting should not stop the cookie being sent over
 SSL. If your problem was the CSRF cookie, I'm pretty sure you wouldn't see
 the error you are reporting.

 In fact, I use Django on an HTTPS site, and it works fine for me. It has
 worked both when I had both HTTP/HTTPS enabled, and when I switched
 to HTTPS only and `SESSION_COOKIE_SECURE = True`.

 I'll treat this bug according to the title ("csrftoken cookie not being
 sent over SSL"), rather than the other details, and mark as WORKSFORME
 accordingly. Please re-open if you can provide more details that would
 allow us to reproduce the problem, or an analysis that shows why this would
 happen.

 Thanks!

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15060#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
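
The cookie behaviour the comment describes, as an added example that is not part of the original ticket or Django's own code: Python's standard-library cookie jar applies the same `Secure`-attribute rule a browser does. The host name and cookie values are constructed; `sessionid` and `csrftoken` are Django's default cookie names.

```python
# Added illustration: a cookie without the Secure attribute is still sent over
# HTTPS; Secure only stops a cookie from being sent over plain HTTP.
import email
from http.cookiejar import CookieJar
from urllib.request import Request

HOST = "example.com"  # assumed host, not taken from the ticket

# Constructed response headers: what a site with SESSION_COOKIE_SECURE = True
# and no CSRF_COOKIE_SECURE setting would emit.
SET_COOKIE_HEADERS = (
    "Set-Cookie: sessionid=constructed-session; Path=/; Secure\n"
    "Set-Cookie: csrftoken=constructed-token; Path=/\n"
    "\n"
)


class FakeResponse:
    """Minimal object exposing the info() method extract_cookies() needs."""

    def __init__(self, raw_headers):
        self._headers = email.message_from_string(raw_headers)

    def info(self):
        return self._headers


def load_jar():
    """Store both cookies as if they had been received over HTTPS."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(SET_COOKIE_HEADERS), Request(f"https://{HOST}/"))
    return jar


def cookies_sent(jar, url):
    """Return the sorted names of the cookies the jar would attach to url."""
    req = Request(url)
    jar.add_cookie_header(req)
    header = req.get_header("Cookie", "")
    return sorted(part.split("=", 1)[0] for part in header.split("; ") if part)


if __name__ == "__main__":
    jar = load_jar()
    for url in (f"https://{HOST}/form/", f"http://{HOST}/form/"):
        print(url, "->", cookies_sent(jar, url))
```

The plain-HTTP result, where only `csrftoken` is attached, is the case a separate `CSRF_COOKIE_SECURE` setting (#14134) addresses.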
