Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable SESSION_COOKIE_DOMAIN in local environment #319

Closed
wants to merge 1 commit into from
Closed

Disable SESSION_COOKIE_DOMAIN in local environment #319

wants to merge 1 commit into from

Conversation

niccolomineo
Copy link
Member

In Safari, in the context of a local environment, there seems to occur a collision between the anti CSRF mechanism and the SESSION_COOKIE_DOMAIN value, for Talos as a tool is intended to be used with a multiple project mentality. Hardcoding the SESSION_COOKIE_DOMAIN as localhost for all projects currently renders ineffective any attempt to log in to any Django admin, but the first Django admin one has ever logged in to, with said browser.

The first solution that comes to mind is to disable SESSION_COOKIE_DOMAIN locally.

@niccolomineo niccolomineo self-assigned this Sep 12, 2024
@niccolomineo niccolomineo changed the title Disable SESSION_COOKIE_DOMAIN in local environment Disable SESSION_COOKIE_DOMAIN in local environment Sep 12, 2024
@trottomv
Copy link
Contributor

trottomv commented Nov 13, 2024
edited
Loading

In Safari, in the context of a local environment, there seems to occur a collision between the anti CSRF mechanism and the SESSION_COOKIE_DOMAIN value, for Talos as a tool is intended to be used with a multiple project mentality. Hardcoding the SESSION_COOKIE_DOMAIN as localhost for all projects currently renders ineffective any attempt to log in to any Django admin, but the first Django admin one has ever logged in to, with said browser.

The first solution that comes to mind is to disable SESSION_COOKIE_DOMAIN locally.

I don’t think removing the parametric handling of this setting is ideal. I’ve found it useful in some projects to keep SESSION_COOKIE_DOMAIN configured even locally, as it allows me to test session behaviors across multiple instances. Disabling it entirely could limit that flexibility.

@niccolomineo
Copy link
Member Author

Ok, I will just set it to None in my local environment then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Arussil Arussil Awaiting requested review from Arussil

@filippo-20tab filippo-20tab Awaiting requested review from filippo-20tab

@trottomv trottomv Awaiting requested review from trottomv

@Mitchina Mitchina Awaiting requested review from Mitchina

@daniele-20tab daniele-20tab Awaiting requested review from daniele-20tab

Assignees

@niccolomineo niccolomineo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@niccolomineo @trottomv