Skip to content

Commit

Permalink
Add vary cookie for accessed session as per flask
Browse files Browse the repository at this point in the history
  • Loading branch information
Lxstr committed Mar 15, 2024
1 parent 56937a0 commit cbd85a2
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/flask_session/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -262,6 +262,12 @@ def save_session(
# Generate a prefixed session id
store_id = self._get_store_id(session.sid)

# Add a "Vary: Cookie" header if the session was accessed at all.
# This assumes the app is checking the session values in a request that
# behaves differently based on those values. ie. session.get("is_authenticated")
if session.accessed:
response.vary.add("Cookie")

# If the session is empty, do not save it to the database or set a cookie
if not session:
# If the session was deleted (empty and modified), delete the saved session from the database and tell the client to delete the cookie
Expand Down

0 comments on commit cbd85a2

Please sign in to comment.