add SESSION_COOKIE_PARTITIONED config

co-authored-by: Jose Cespedes <josecespedes@ibm.com>
2024-06-09 19:55:22 -06:00 · 2024-06-09 19:55:22 -06:00 · 9efc1ebeeb
commit 9efc1ebeeb
parent 6f2014d353
5 changed files with 34 additions and 0 deletions
--- a/src/flask/app.py
+++ b/src/flask/app.py
@ -189,6 +189,7 @@ class Flask(App):
            "SESSION_COOKIE_PATH": None,
            "SESSION_COOKIE_HTTPONLY": True,
            "SESSION_COOKIE_SECURE": False,
+            "SESSION_COOKIE_PARTITIONED": False,
            "SESSION_COOKIE_SAMESITE": None,
            "SESSION_REFRESH_EACH_REQUEST": True,
            "MAX_CONTENT_LENGTH": None,
--- a/src/flask/sessions.py
+++ b/src/flask/sessions.py
@ -224,6 +224,14 @@ class SessionInterface:
        """
        return app.config["SESSION_COOKIE_SAMESITE"]  # type: ignore[no-any-return]

+    def get_cookie_partitioned(self, app: Flask) -> bool:
+        """Returns True if the cookie should be partitioned. By default, uses
+        the value of :data:`SESSION_COOKIE_PARTITIONED`.
+
+        .. versionadded:: 3.1
+        """
+        return app.config["SESSION_COOKIE_PARTITIONED"]  # type: ignore[no-any-return]
+
    def get_expiration_time(self, app: Flask, session: SessionMixin) -> datetime | None:
        """A helper method that returns an expiration date for the session
        or ``None`` if the session is linked to the browser session.  The
@ -338,6 +346,7 @@ class SecureCookieSessionInterface(SessionInterface):
        domain = self.get_cookie_domain(app)
        path = self.get_cookie_path(app)
        secure = self.get_cookie_secure(app)
+        partitioned = self.get_cookie_partitioned(app)
        samesite = self.get_cookie_samesite(app)
        httponly = self.get_cookie_httponly(app)

@ -354,6 +363,7 @@ class SecureCookieSessionInterface(SessionInterface):
                    domain=domain,
                    path=path,
                    secure=secure,
+                    partitioned=partitioned,
                    samesite=samesite,
                    httponly=httponly,
                )
@ -374,6 +384,7 @@ class SecureCookieSessionInterface(SessionInterface):
            domain=domain,
            path=path,
            secure=secure,
+            partitioned=partitioned,
            samesite=samesite,
        )
        response.vary.add("Cookie")