Add ability to set SameSite policy for userLoggedIn cookie (#15100)

* Add ability to set SameSite policy for userLoggedIn cookie * reformat line for linter
2026-02-22 21:46:00 -03:30 · 2024-04-24 15:44:31 -04:00
parent 47a061eb39
commit f5f85666c8
3 changed files with 9 additions and 2 deletions
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -95,7 +95,9 @@ class LoggedLoginView(auth_views.LoginView):
        ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
        if request.user.is_authenticated:
            logger.info(smart_str(u"User {} logged in from {}".format(self.request.user.username, request.META.get('REMOTE_ADDR', None))))
-            ret.set_cookie('userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False))
+            ret.set_cookie(
+                'userLoggedIn', 'true', secure=getattr(settings, 'SESSION_COOKIE_SECURE', False), samesite=getattr(settings, 'USER_COOKIE_SAMESITE', 'Lax')
+            )
            ret.setdefault('X-API-Session-Cookie-Name', getattr(settings, 'SESSION_COOKIE_NAME', 'awx_sessionid'))

            return ret