[2.2.x] Fixed #31790 -- Fixed setting SameSite cookies flag in HttpResponse.delete_cookie().

Cookies with the "SameSite" flag set to None and without the "secure" flag will be soon rejected by latest browser versions. This affects sessions and messages cookies. Backport of 331324ecce1330dce3dbd1713203cb9a42854ad7 from stable/3.0.x
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-07-16 09:30:15 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-07-16 09:35:35 +0200
commit: f1a6e6c817f3205ea7da6f973f51524ff630dda5 (patch)
tree: 0c68c7a7ddcea7000cb2f83f636397f3ac7d7b0b /django/contrib/sessions
parent: 6f09ee2be3c0ce07b096af7ac63b64ee7cfc23cf (diff)
download: django-f1a6e6c817f3205ea7da6f973f51524ff630dda5.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py
index 6795354cc5..a464b44245 100644
--- a/django/contrib/sessions/middleware.py
+++ b/django/contrib/sessions/middleware.py
@@ -39,6 +39,7 @@ class SessionMiddleware(MiddlewareMixin):
                     settings.SESSION_COOKIE_NAME,
                     path=settings.SESSION_COOKIE_PATH,
                     domain=settings.SESSION_COOKIE_DOMAIN,
+                    samesite=settings.SESSION_COOKIE_SAMESITE,
                 )
             else:
                 if accessed:
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-07-16 09:30:15 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-07-16 09:35:35 +0200
commit	f1a6e6c817f3205ea7da6f973f51524ff630dda5 (patch)
tree	0c68c7a7ddcea7000cb2f83f636397f3ac7d7b0b /django/contrib/sessions
parent	6f09ee2be3c0ce07b096af7ac63b64ee7cfc23cf (diff)
download	django-f1a6e6c817f3205ea7da6f973f51524ff630dda5.tar.gz