Skip to content

Disable SESSION_COOKIE_DOMAIN in local environment #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Disable SESSION_COOKIE_DOMAIN in local environment #319

wants to merge 1 commit into from
+6 −3

Conversation

@niccolomineo
Copy link
Member

@niccolomineo niccolomineo commented Sep 12, 2024

In Safari, in the context of a local environment, there seems to occur a collision between the anti CSRF mechanism and the SESSION_COOKIE_DOMAIN value, for Talos as a tool is intended to be used with a multiple project mentality. Hardcoding the SESSION_COOKIE_DOMAIN as localhost for all projects currently renders ineffective any attempt to log in to any Django admin, but the first Django admin one has ever logged in to, with said browser.

The first solution that comes to mind is to disable SESSION_COOKIE_DOMAIN locally.

@niccolomineo niccolomineo self-assigned this Sep 12, 2024
@niccolomineo niccolomineo changed the title Disable SESSION_COOKIE_DOMAIN in local environment Disable SESSION_COOKIE_DOMAIN in local environment Sep 12, 2024
@trottomv
Copy link
Contributor

trottomv commented Nov 13, 2024
edited
Loading

In Safari, in the context of a local environment, there seems to occur a collision between the anti CSRF mechanism and the SESSION_COOKIE_DOMAIN value, for Talos as a tool is intended to be used with a multiple project mentality. Hardcoding the SESSION_COOKIE_DOMAIN as localhost for all projects currently renders ineffective any attempt to log in to any Django admin, but the first Django admin one has ever logged in to, with said browser.

The first solution that comes to mind is to disable SESSION_COOKIE_DOMAIN locally.

I don’t think removing the parametric handling of this setting is ideal. I’ve found it useful in some projects to keep SESSION_COOKIE_DOMAIN configured even locally, as it allows me to test session behaviors across multiple instances. Disabling it entirely could limit that flexibility.

@niccolomineo
Copy link
Member Author

niccolomineo commented Nov 13, 2024

Ok, I will just set it to None in my local environment then.

@niccolomineo niccolomineo reopened this Jun 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Arussil Arussil Awaiting requested review from Arussil

@filippo-20tab filippo-20tab Awaiting requested review from filippo-20tab

@trottomv trottomv Awaiting requested review from trottomv

@Mitchina Mitchina Awaiting requested review from Mitchina

@daniele-20tab daniele-20tab Awaiting requested review from daniele-20tab

At least 1 approving review is required to merge this pull request.

Assignees

@niccolomineo niccolomineo

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@niccolomineo @trottomv