fix: Samesite cookie value - fixed #266

Author: peppelinux

djangosaml2/middleware.py

@@ -1,5 +1,6 @@
 import time
 
+from django import VERSION
 from django.conf import settings
 from django.contrib.sessions.backends.base import UpdateError
 from django.contrib.sessions.middleware import SessionMiddleware
@@ -8,6 +9,9 @@
 from django.utils.http import http_date
 
 
+SAMESITE_NONE = None if (VERSION[0] < 3) else 'None'
+
+
 class SamlSessionMiddleware(SessionMiddleware):
     cookie_name = getattr(settings, 'SAML_SESSION_COOKIE_NAME', 'saml_session')
 
@@ -34,7 +38,7 @@ def process_response(self, request, response):
                 self.cookie_name,
                 path=settings.SESSION_COOKIE_PATH,
                 domain=settings.SESSION_COOKIE_DOMAIN,
-                samesite=None,
+                samesite=SAMESITE_NONE,
             )
             patch_vary_headers(response, ('Cookie',))
         else:
@@ -68,6 +72,6 @@ def process_response(self, request, response):
                         path=settings.SESSION_COOKIE_PATH,
                         secure=settings.SESSION_COOKIE_SECURE or None,
                         httponly=settings.SESSION_COOKIE_HTTPONLY or None,
-                        samesite=None
+                        samesite=SAMESITE_NONE
                     )
         return response