Firefox throws the following warning after deleting a valid cookie:
Cookie “cookie_name” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read
During the logout process the set cookie is removed by setting max-age=0 or expire=<date_in_past>. The browser deletes the cookie immediately as expected but I also get the warning mentioned above. It doesn't matter if I remove the cookie in the backend or frontend - the message will always be shown.
Code
Set Cookie - Backend (django):
```python
class Login():
    def post(self, request):
        ...
        response = Response(status=status.HTTP_200_OK, ...)
        response.set_cookie("cookie_name", value, max_age=60*60*5, secure=True, httponly=False, samesite='strict')
        return response
```
Remove Cookie - Frontend: (preferred way for this cookie in my scenario so far)
```javascript
function removeItem(key, path, domain) {
  // ...
  // Overwrite the cookie with an empty value that expires immediately.
  document.cookie = encodeURIComponent(key) +
    // "=; expires=Thu, 01 Jan 1970 00:00:00 GMT" +
    "=; max-age=0" +
    (domain ? "; domain=" + domain : "") +
    (path ? "; path=" + path : "");
  return true;
}
```
Remove Cookie - Backend (django): (listed just for completeness; results in same warning)
```python
class Logout():
    def post(self, request):
        ...
        response = Response(status=status.HTTP_200_OK, ...)
        response.delete_cookie("cookie_name")
        return response
```
Is there a better way to remove cookies that doesn't result in the warning?
CodePudding user response:
What you need to do is to add the samesite/secure cookie attributes when you set the cookie, otherwise, it might be rejected by the browser.
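An added example (not from the original post or answer) of the front-end removal with the attributes the answer refers to repeated on the deleting write. The helper `buildExpiredCookie` and the option names `sameSite` and `secure` are hypothetical; the defaults mirror the `set_cookie` call in the question.

```javascript
// Added example: the deleting write carries the same SameSite/Secure
// attributes as the original cookie (secure=True, samesite='strict').
const SAMESITE_VALUES = { strict: "Strict", lax: "Lax", none: "None" };

function buildExpiredCookie(key, opts = {}) {
  const { path, domain, sameSite = "Strict", secure = true } = opts;
  const normalized = SAMESITE_VALUES[String(sameSite).toLowerCase()];
  if (!normalized) {
    throw new Error("invalid SameSite value: " + sameSite);
  }
  // SameSite=None without Secure is the combination named in the warning.
  if (normalized === "None" && !secure) {
    throw new Error("SameSite=None requires Secure");
  }
  return (
    encodeURIComponent(key) +
    "=; expires=Thu, 01 Jan 1970 00:00:00 GMT" +
    "; max-age=0" +
    (domain ? "; domain=" + domain : "") +
    (path ? "; path=" + path : "") +
    "; SameSite=" + normalized +
    (secure ? "; Secure" : "")
  );
}

function removeItem(key, opts) {
  const cookie = buildExpiredCookie(key, opts);
  // document only exists in a browser; elsewhere just return the string.
  if (typeof document !== "undefined") {
    document.cookie = cookie;
  }
  return cookie;
}
```

Path and domain still have to match the values used when the cookie was set, otherwise the browser treats the write as a different cookie.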