Third-party sessions/cookies breaking because of browser upgrades #94

@jrwdunham

As of Feb/Mar 2020, modern browsers are not allowing third-party cookies unless they have secure=True and samesite=None. Thus OLDs are breaking: users can log in but no subsequent requests work, because those subsequent requests cannot send cookies. In this OLD, the fix should be in env-old/lib/python2.7/site-packages/onlinelinguisticdatabase/config/middleware.py:

app = SessionMiddleware(
    app,
    config,
    samesite='None',
    secure=True)

Beaker also needs to be updated to 1.10.0. See https://beaker.readthedocs.io/en/latest/changes.html. Use something like:

./env-old/bin/pip2.7 install beaker==1.10.0

To reproduce the error on a Chrome browser that is not currently exhibiting it, navigate to chrome://flags/, and search for samesite. Then set the following two settings to Enabled: SameSite by default cookies and Cookies without SameSite must be secure.
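A way to check a deployment's `Set-Cookie` headers against the two Chrome flags named above, added here as an example that is not part of the original issue or of the OLD code base. The function names and the sample header values are assumptions constructed for illustration; `beaker.session.id` is Beaker's default cookie key.

```python
# Added example. Header values below are constructed, not captured from an OLD.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cross_site_verdict(header):
    """Treatment of the cookie on a third-party request with both flags enabled."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite != "none":
        # "SameSite by default cookies": a missing attribute is treated as Lax,
        # and Lax/Strict cookies are withheld from cross-site XHR requests.
        return "withheld"
    if "secure" not in attrs:
        # "Cookies without SameSite must be secure": SameSite=None without
        # Secure is rejected when the browser receives it.
        return "rejected"
    return "sent"


# Constructed samples: before the fix, a partial fix, and the fix from the issue.
SAMPLES = {
    "before_fix": "beaker.session.id=0123abcd; Path=/; HttpOnly",
    "samesite_only": "beaker.session.id=0123abcd; Path=/; SameSite=None",
    "lax": "beaker.session.id=0123abcd; Path=/; Secure; SameSite=Lax",
    "after_fix": "beaker.session.id=0123abcd; Path=/; Secure; SameSite=None",
}


def audit(headers):
    """Map each labelled header to its verdict."""
    return {label: cross_site_verdict(h) for label, h in headers.items()}


if __name__ == "__main__":
    for label, verdict in audit(SAMPLES).items():
        print(f"{label:14} {verdict}")
```

Only the `after_fix` header survives, which matches the symptom described: login succeeds, but the session cookie never accompanies later cross-site requests.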
