Can't set SameSite attribute of cookie in Tornado

Question

I'm trying to set a cookie with the SameSite header in a Tornado handler. I already looked at this answer and used the following monkeypatch:

from http.cookies import Morsel
Morsel._reserved["samesite"] = "SameSite"

Then, in a different file which imports the monkeypatch above, I'm trying to do the following in a handler class that extends RequestHandler:

from tornado.web import RequestHandler

class UserHandler(RequestHandler):
    async def login(self):
        # Application logic....
        self.set_secure_cookie("session_id", session_key, samesite: "None")

However, for some reason this doesn't work, and instead I'm getting an "invalid syntax" error.

Note that I'm using Python 3.7.4 and tornado v6.0.3.

`samesite: "None"` is not the way to pass kwargs, you should use `=` - `samesite="None"` — Iain Shelvington, Dec 29 '19 at 13:07
@IainShelvington My bad, thanks! Feel free to submit an answer, and I'll approve and upvote it. — Itai Steinherz, Dec 29 '19 at 13:08

score 3 · Accepted Answer · answered Dec 29 '19 at 13:09

3

samesite: "None" is not the way to pass keyword arguments to functions. You should use =

self.set_secure_cookie("session_id", session_key, samesite="None")

answered Dec 29 '19 at 13:09

Iain Shelvington

31,030
3
31
50

Can't set SameSite attribute of cookie in Tornado

1 Answers1