In my Django application, I want to check if a specific cookies has "SameSite=None" or not.
I'm using this code to read the value of the cookies,
cookiesid = request.COOKIES["cookiesid"]
However, I don't know how to check "SameSite" attribute, seems there is no method to check it by request.COOKIES[""]
How can I check it?
I'm using Python 3.6.9 and Django 3.1
I've also been having issues with cross-domain Cookies recently, and I've tracked it down to Google Chrome gradually rolling out their security update that forces the SameSite attribute to Lax if it isn't set
Lax means that the Cookie is going to be blocked cross-domain by default on Google Chrome
Given that you're inspecting the Cookie's attributes in the code, I think that if the SameSite attribute isn't there, than you're not setting it and therefore Google Chrome is forcing the attribute to Lax
As you've stated you're using Django 3.1, the following four entries in your settings.py file might resolve your issue (as it did for me):
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
Good luck!
Going a little bit deeper.
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SAMESITE = 'None'
Also make sure that you have Django 3, in Django 2 there is a bug and it will output a ValueError.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With