#15618: django.contrib.messages.storage.fallback.CookieStorage does not behave
properly with subdomains
--------------------------+---------------------------
 Reporter:  lamby         |         Owner:  nobody
   Status:  new           |     Milestone:
Component:  Contrib apps  |       Version:  1.2
 Keywords:                |  Triage Stage:  Unreviewed
Has patch:  1             |
--------------------------+---------------------------
 Imagine you have two domains "www.example.com" and "special.example.com".
 Your `SESSION_COOKIE_DOMAIN` is set to ".example.com" so that users are
 logged-in across these two subdomains.

 The problem arises when a page on "www.example.com" sets a
 `django.contrib.message` and redirects to "special.example.com": the user
 will not see it unless they return to "www.example.com", as the default
 domain of the cookie is the current one. This naturally causes confusion,
 as actions users have performed in the past are suddenly being confirmed
 (!).

 This happens with `FallbackStorage` too as it wraps `CookieStorage`.

 Patch attached that sets the domain of the CookieStorage cookie to
 SESSION_COOKIE_DOMAIN. Whilst this works, it might be better to not couple
 `sessions` and `messages` in this way, so we could alternatively introduce
 a new setting under the `MESSAGE_STORAGE_` namespace.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15618>
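
The behaviour reported in the ticket follows from the cookie scoping rules of RFC 6265. The sketch below is an added illustration, not code from the ticket or its attached patch: it models when a browser attaches a cookie with and without a Domain attribute. The function names, the cookie name `messages`, and the hosts "other.example.com" and "notexample.com" are assumptions made for the example.

```python
import ipaddress
from http.cookies import SimpleCookie


def build_set_cookie(name, value, domain=None):
    """Render a Set-Cookie header value, optionally with a Domain attribute."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    if domain:
        jar[name]["domain"] = domain
    return jar[name].OutputString()


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: equal, or a dot-separated suffix of a non-IP host."""
    host, domain = host.lower(), domain.lower()
    return host == domain or (host.endswith("." + domain) and not _is_ip(host))


def browser_sends_cookie(setting_host, request_host, domain_attr=None):
    """Would a cookie set by setting_host be attached to a request for request_host?"""
    if not domain_attr:
        # No Domain attribute: host-only cookie, returned to the exact host only.
        return request_host.lower() == setting_host.lower()
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    # A Domain that does not cover the setting host is ignored by the browser.
    if not domain_match(setting_host, domain):
        return False
    return domain_match(request_host, domain)


def scenario(domain_attr=None):
    """Cookie set on www.example.com; which (constructed) hosts receive it back?"""
    hosts = ["www.example.com", "special.example.com",
             "other.example.com", "notexample.com"]
    return {h: browser_sends_cookie("www.example.com", h, domain_attr) for h in hosts}


if __name__ == "__main__":
    for attr in (None, ".example.com"):
        print(build_set_cookie("messages", "signed-payload", attr), scenario(attr))
```

With the Domain attribute set, the cookie also reaches every other host under "example.com", which is relevant when choosing between reusing `SESSION_COOKIE_DOMAIN` and a separate setting.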