mirror of https://github.com/django/django.git
[3.1.x] Refs #28741 -- Doc'd SESSION_COOKIE_DOMAIN requirement with CSRF_USE_SESSIONS.
Similar considerations as refs #32065, again adding some nuance toafd375fc34
. Backport of2e7ba6057c
from master
This commit is contained in:
parent
a7e2f6c257
commit
f4db2d16ec
|
@ -3172,6 +3172,10 @@ The domain to use for session cookies. Set this to a string such as
|
|||
``"example.com"`` for cross-domain cookies, or use ``None`` for a standard
|
||||
domain cookie.
|
||||
|
||||
To use cross-domain cookies with :setting:`CSRF_USE_SESSIONS`, you must include
|
||||
a leading dot (e.g. ``".example.com"``) to accommodate the CSRF middleware's
|
||||
referer checking.
|
||||
|
||||
Be cautious when updating this setting on a production site. If you update
|
||||
this setting to enable cross-domain cookies on a site that previously used
|
||||
standard domain cookies, existing user cookies will be set to the old
|
||||
|
|
Loading…
Reference in New Issue