ravi-patel/flask
1
0
Fork 0
forked from orbit-oss/flask
Code Pull requests Activity

include samesite and secure when removing session cookie (#3726)

Browse source
This commit is contained in:
Mathurshan Vimalesvaran 2020-11-04 21:16:05 -05:00 committed by GitHub
parent 7a444c5dab
commit 22987b6817
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tests/test_basic.py
View file

@ -322,6 +322,19 @@ def test_session_using_session_settings(app, client):
assert "httponly" not in cookie
assert "samesite" in cookie
@app.route("/clear")
def clear():
flask.session.pop("testing", None)
return "Goodbye World"
rv = client.get("/clear", "http://www.example.com:8080/test/")
cookie = rv.headers["set-cookie"].lower()
assert "session=;" in cookie
assert "domain=.example.com" in cookie
assert "path=/" in cookie
assert "secure" in cookie
assert "samesite" in cookie
def test_session_using_samesite_attribute(app, client):
@app.route("/")