Please ensure your site is using SSL/TLS in production, and SESSION_COOKIE_SECURE is set to True. Decreasing security for development is fine, but using OAuth 2.0 without SSL/TLS in production is a potential security vulnerability.
Clinton On Sun, May 19, 2019 at 12:51 AM Mahyar Damavand <mahyar.damav...@gmail.com> wrote: > Finally I solved the problem by adding this line: > SESSION_COOKIE_SECURE: false > to ecommerce.yml. > This is a security configuration. According to the django docs: > >> If this is set to True, the cookie will be marked as “secure”, which >> means browsers may ensure that the cookie is only sent under an HTTPS >> connection > > and as my instance is not work under HTTPS I faced this problem. > Hope this helps. > > > On Tue, May 14, 2019 at 4:06 PM Mahyar Damavand <mahyar.damav...@gmail.com> > wrote: > >> Hi, >> I have exactly this issue and I'm working with an >> open-release/hawthorn.master instance. >> I changed my browser but the problem persists. and as Clinton advised I >> use different urls to access to ecommerce/lms systems. >> Any solution do you found to manage this? >> >> On Mon, Mar 11, 2019 at 6:12 PM More <giftmorestu...@gmail.com> wrote: >> >>> Hi all, >>> >>> I've also got the same error, do you have any suggestion to fix this >>> issue? >>> >>> Thank you >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "General Open edX discussion" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/edx-code/80380349-5a9f-4303-8098-5d4cc76085bc%40googlegroups.com >>> <https://groups.google.com/d/msgid/edx-code/80380349-5a9f-4303-8098-5d4cc76085bc%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> -- >> """"""""""""""""""""""" >> مهیار دماوند >> *Mahyar Damavand* >> >> """"""""""""""""""""""" >> > > > -- > """"""""""""""""""""""" > مهیار دماوند > *Mahyar Damavand* > > """"""""""""""""""""""" > > -- > You received this message because you are subscribed to a topic in the > Google Groups "General Open edX discussion" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/edx-code/fTg-r7rNBrY/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > edx-code+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/edx-code/CABCzmJ%2Bm3JYxf2O%2BRftPX8F3rLHYkrAGNiHkB%2BhVszHWb5%2BspQ%40mail.gmail.com > <https://groups.google.com/d/msgid/edx-code/CABCzmJ%2Bm3JYxf2O%2BRftPX8F3rLHYkrAGNiHkB%2BhVszHWb5%2BspQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "General Open edX discussion" group. To unsubscribe from this group and stop receiving emails from it, send an email to edx-code+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/CAB%3DVk83ieACtFVZyd2dgGVcmZX_YKHnbXASmfYzEws4G%2Bi%3D%3D_g%40mail.gmail.com.
