SESSION_COOKIE_DOMAIN caveat documentation (#5464)

2024-05-25 10:27:04 -07:00 · 2024-05-25 10:27:04 -07:00 · a2f495b9ff
commit a2f495b9ff
parent bea5876e46 4a1766c252
1 changed files with 6 additions and 0 deletions
--- a/docs/config.rst
+++ b/docs/config.rst
@ -142,6 +142,12 @@ The following configuration values are used internally by Flask:

    Default: ``None``

+    .. warning::
+        If this is changed after the browser created a cookie is created with
+        one setting, it may result in another being created. Browsers may send
+        send both in an undefined order. In that case, you may want to change
+        :data:`SESSION_COOKIE_NAME` as well or otherwise invalidate old sessions.
+
    .. versionchanged:: 2.3
        Not set by default, does not fall back to ``SERVER_NAME``.