p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Refs #28741 -- Doc'd SESSION_COOKIE_DOMAIN requirement with CSRF_USE_SESSIONS. 

Similar considerations as refs #32065, again adding some nuance to
afd375fc34.
This commit is contained in:
Tim Graham 2021-01-02 19:56:54 -05:00 committed by Mariusz Felisiak
parent 3363cf4225
commit 2e7ba6057c
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/ref/settings.txt
View File

@ -3167,6 +3167,10 @@ The domain to use for session cookies. Set this to a string such as
``"example.com"`` for cross-domain cookies, or use ``None`` for a standard
domain cookie.
To use cross-domain cookies with :setting:`CSRF_USE_SESSIONS`, you must include
a leading dot (e.g. ``".example.com"``) to accommodate the CSRF middleware's
referer checking.
Be cautious when updating this setting on a production site. If you update
this setting to enable cross-domain cookies on a site that previously used
standard domain cookies, existing user cookies will be set to the old