maya-chen/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

set Vary: Cookie header consistently for session

Browse source
This commit is contained in:
David Lord 2023-05-01 08:01:32 -07:00
parent a6367dac74
commit 8646edca6f
No known key found for this signature in database
GPG key ID: 7A1C87E3F5BC42A8
3 changed files with 30 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/flask/sessions.py
View file

@ -383,6 +383,10 @@ class SecureCookieSessionInterface(SessionInterface):
samesite = self.get_cookie_samesite(app)
httponly = self.get_cookie_httponly(app)
# Add a "Vary: Cookie" header if the session was accessed at all.
if session.accessed:
response.vary.add("Cookie")
# If the session is modified to be empty, remove the cookie.
# If the session is empty, return without setting the cookie.
if not session:
@ -395,13 +399,10 @@ class SecureCookieSessionInterface(SessionInterface):
samesite=samesite,
httponly=httponly,
)
response.vary.add("Cookie")
return
# Add a "Vary: Cookie" header if the session was accessed at all.
if session.accessed:
response.vary.add("Cookie")
if not self.should_set_cookie(app, session):
return
@ -417,3 +418,4 @@ class SecureCookieSessionInterface(SessionInterface):
secure=secure,
samesite=samesite,
)
response.vary.add("Cookie")