31👍
I’ve also been having issues with cross-domain Cookies recently, and I’ve tracked it down to Google Chrome gradually rolling out their security update that forces the SameSite attribute to Lax if it isn’t set
Lax means that the Cookie is going to be blocked cross-domain by default on Google Chrome
Given that you’re inspecting the Cookie’s attributes in the code, I think that if the SameSite attribute isn’t there, than you’re not setting it and therefore Google Chrome is forcing the attribute to Lax
As you’ve stated you’re using Django 3.1, the following four entries in your settings.py file might resolve your issue (as it did for me):
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
Good luck!
13👍
Going a little bit deeper.
- In production set:
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
- Do not set any of the above flags in development. It will say that cannot set the cookie with SameSite=None if the connection is NOT secure.
Also make sure that you have Django 3, in Django 2 there is a bug and it will output a ValueError.
- Is there a way to generate pdf containing non-ascii symbols with pisa from django template?
- Some Celery tasks work, others are NotRegistered
- GeoDjango, difference between dwithin and distance_lt?
- In python django how do you print out an object's introspection? The list of all public methods of that object (variable and/or functions)?