Django Iframe: Sessionkey Being Created Every Request
I have a Shopify app built in Django that was working fine up until recently. The sessions are not persisting across requests, and as a result an exception is being raised because the session for the key that was set in the previous request does not exist. Trying the app endpoints outside of Shopify works fine; the sessions persist perfectly between requests, so it definitely is an issue within Shopify.
Looking at the sessions table in our database, we see multiple session keys with the same data; this indicates another session is being created per request. How do we persist sessions across requests in an iframe?
The version of Django being used was 2.1, which now includes a new feature that helps prevent CSRF attacks. According to the docs, the new SESSION_COOKIE_SAMESITE defaults to a value of 'Lax', which is a middle ground between 'Strict' and None.
This feature obviously works well for standalone Django apps but causes them to break when in an iframe similar to Shopify. Setting SESSION_COOKIE_SAMESITE = None in settings.py resolved the issue.
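Why the 'Lax' default yields a new session on every request inside the iframe, as an added example that is not part of the original answer and not Django's or any browser's code: a simplified model of how a browser decides whether to attach the session cookie to a request made from a cross-site iframe. The function names, the `lax_by_default` parameter and the sample cookie value are assumptions made for the illustration.

```python
from http.cookies import SimpleCookie


def session_set_cookie(value, samesite, secure):
    """Build the Set-Cookie value a server would send for the session cookie.

    samesite: 'Strict', 'Lax', 'None', or None (attribute omitted, which is
    what SESSION_COOKIE_SAMESITE = None does on Django 2.1).
    """
    jar = SimpleCookie()
    jar["sessionid"] = value
    morsel = jar["sessionid"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if secure:
        morsel["secure"] = True
    if samesite is not None:
        morsel["samesite"] = samesite
    return morsel.OutputString()


def sent_in_cross_site_iframe(set_cookie, lax_by_default):
    """Simplified model: is the cookie attached to a request from a cross-site iframe?

    lax_by_default: True for browsers that treat a cookie without a SameSite
    attribute as Lax (Chrome 80 and later), False for browsers that do not.
    """
    attrs = {}
    for part in set_cookie.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val.lower()
    samesite = attrs.get("samesite")
    if samesite in ("strict", "lax"):
        # Withheld, so the server sees no session key and creates a new one.
        return False
    if samesite == "none":
        # Browsers reject SameSite=None cookies that lack Secure.
        return "secure" in attrs
    return not lax_by_default


if __name__ == "__main__":
    # Constructed sample values, one per configuration.
    for label, ss in (("Lax", "Lax"), ("omitted", None), ("None", "None")):
        header = session_set_cookie("abc123", ss, secure=True)
        print(label, "|", header, "|", sent_in_cross_site_iframe(header, True))
```

Where the attribute is omitted, a browser that applies Lax by default still withholds the cookie, so an embedded app needs an explicit SameSite=None together with Secure. Django 3.1 and later accept the string 'None' for SESSION_COOKIE_SAMESITE for this purpose.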