From 3fdb8b2a2e0d1641374b53ef2b051fe7f54508b5 Mon Sep 17 00:00:00 2001 From: Vitaliy Date: Sun, 6 Aug 2023 12:39:52 +0300 Subject: [PATCH] =?UTF-8?q?Fix=20same=5Fsite=E2=86=92samesite=20in=20tutor?= =?UTF-8?q?ial:set=5Fcookie?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/tutorial.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial.rst b/docs/tutorial.rst index 0f076c57..a6db8a9f 100755 --- a/docs/tutorial.rst +++ b/docs/tutorial.rst @@ -420,7 +420,7 @@ The :meth:`Response.set_cookie` method accepts a number of additional keyword ar * **path:** Limit the cookie to a given path (default: ``/``) * **secure:** Limit the cookie to HTTPS connections (default: off). * **httponly:** Prevent client-side javascript to read this cookie (default: off, requires Python 2.7 or newer). -* **same_site:** Disables third-party use for a cookie. Allowed attributes: `lax` and `strict`. In strict mode the cookie will never be sent. In lax mode the cookie is only sent with a top-level GET request. +* **samesite:** Disables third-party use for a cookie. Allowed attributes: `lax` and `strict`. In strict mode the cookie will never be sent. In lax mode the cookie is only sent with a top-level GET request. If neither `expires` nor `max_age` is set, the cookie expires at the end of the browser session or as soon as the browser window is closed. There are some other gotchas you should consider when using cookies: