maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

include samesite and secure when removing session cookie (#3726)

Browse source
This commit is contained in:
Mathurshan Vimalesvaran 2020-11-04 21:16:05 -05:00 committed by GitHub
parent 7a444c5dab
commit 22987b6817
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/flask/sessions.py
View file

@ -351,12 +351,16 @@ class SecureCookieSessionInterface(SessionInterface):
name = self.get_cookie_name(app)
domain = self.get_cookie_domain(app)
path = self.get_cookie_path(app)
secure = self.get_cookie_secure(app)
samesite = self.get_cookie_samesite(app)
# If the session is modified to be empty, remove the cookie.
# If the session is empty, return without setting the cookie.
if not session:
if session.modified:
response.delete_cookie(name, domain=domain, path=path)
response.delete_cookie(
name, domain=domain, path=path, secure=secure, samesite=samesite
)
return
@ -368,8 +372,6 @@ class SecureCookieSessionInterface(SessionInterface):
return
httponly = self.get_cookie_httponly(app)
secure = self.get_cookie_secure(app)
samesite = self.get_cookie_samesite(app)
expires = self.get_expiration_time(app, session)
val = self.get_signing_serializer(app).dumps(dict(session))
response.set_cookie(