-
-
Notifications
You must be signed in to change notification settings - Fork 16.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not possible to set a session cookie without a domain attribute when SERVER_NAME is set #1784
Comments
But why? What would be purpose of this? |
@Fajkowsky say |
I don't understand how a decent API would look like. Note that you can already subclass Flask (which is generally encouraged). |
@untitaker ideally A backward compatible approach would be to introduce for example |
You can now set |
See #5051, going to refactor this to remove the |
If cookie has no domain attribute, it is valid only for the exact domain to which the request that sets the cookie is addressed, this is often a desirable behavior. A domain attribute makes the cookie also valid for all sub-domains of the specified domain.
Looking at
flask/flask/sessions.py
Line 198 in c9b29f4
SERVER_NAME
is set, a cookie will always have a domain attribute (either explicitly set viaSESSION_COOKIE_DOMAIN
or inferred from theSERVER_NAME
).Would it be possible to allow setting cookies without a domain when
SERVER_NAME
is set?The text was updated successfully, but these errors were encountered: