Can't login to admin panel with Chrome (but it works with Firefox)

Hi,

Since August, it is no longer possible to log in to the admin panel using Chrome (although it works perfectly in Firefox). According to my tests, it is due to the new SameSite cookie policy enforcement in Google Chrome. More specifically, Chrome is not accepting the csrftoken sent by the Django Admin panel due to the lack of the Secure tag in the cookie.

In order to allow logging in to the Django Admin panel using Chrome, I think that this cookie header:

Set-Cookie: csrftoken=eneVM9tVfoCvgsfxYRDWmaw0YuCHWnSMgJqlclbXVWRDpO4vSgtFOZAnJK9cPP6r; expires=Mon, 30 Aug 2021 08:46:54 GMT; Max-Age=31449600; Path=/; SameSite=None

should be:

Set-Cookie: csrftoken=eneVM9tVfoCvgsfxYRDWmaw0YuCHWnSMgJqlclbXVWRDpO4vSgtFOZAnJK9cPP6r; expires=Mon, 30 Aug 2021 08:46:54 GMT; Max-Age=31449600; Path=/; SameSite=None; Secure

(look at the last “; Secure” part)

How can we change Django settings to allow that?

Thanks.

Hi,

As a temporary workaround, I change the value of DCS_SESSION_COOKIE_SAMESITE from None to Lax.

It is located in edx-platform / lms / envs / common.py

Then restart lms and log in again.

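The rule discussed in this thread (Chrome drops a cookie marked SameSite=None unless it is also marked Secure) can be checked directly against captured Set-Cookie headers. The following Python sketch is an added example, not part of either post and not edx-platform code; the function names and the sample headers (with TOKEN standing in for real values) are constructed for illustration.

```python
"""Added example: check Set-Cookie headers against Chrome's SameSite rules."""
from typing import Dict, List, Tuple

# Constructed samples; TOKEN stands in for the real cookie values.
SAMPLE_HEADERS = [
    "Set-Cookie: csrftoken=TOKEN; Max-Age=31449600; Path=/; SameSite=None",
    "Set-Cookie: csrftoken=TOKEN; Max-Age=31449600; Path=/; SameSite=None; Secure",
    "Set-Cookie: sessionid=TOKEN; Path=/; HttpOnly; SameSite=Lax",
]


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, str]]:
    """Return (cookie name, attributes keyed by lowercased attribute name)."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header)
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def chrome_verdict(header: str) -> str:
    """Classify how Chrome treats the cookie once SameSite enforcement is on."""
    _, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none":
        # SameSite=None is only honoured together with the Secure attribute.
        return "cross-site" if "secure" in attrs else "rejected"
    if samesite == "strict":
        return "strict"
    return "lax"  # explicit Lax, or a missing/unknown value treated as Lax


def rejected_cookies(headers: List[str]) -> List[str]:
    """Names of cookies Chrome would drop for SameSite=None without Secure."""
    return [parse_set_cookie(h)[0] for h in headers
            if chrome_verdict(h) == "rejected"]


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(chrome_verdict(h), "<-", h)
```

In stock Django the Secure attribute on these two cookies is controlled by CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE; a cookie marked Secure is only sent over HTTPS, so the site must be served over TLS for the corrected header to work.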