问题
I have found a very strange problem in my Flask application. I discovered that in some circumstances multiple session cookies could be created with the same name. I attached a picture about it. It is not browser specific.
It is strange itself, but the real problem comes when I try to validate a form with CSRF token. Unfortunately, Flask picks a wrong session cookie and the validation of the CSRF token cannot be successful. And even more strangely the problem persists even after multiple form submits. The only solution is deleting the cookies which is not an option for an average user.
Are there any options to prevent Flask to create cookies with the same name? Or at least is there an option for get all cookie names from my application? In this case at least I would able to delete session cookies with the same name.
回答1:
Without code, it is hard to tell where Flask generates multiple cookies with the same name, but it is possible that you let the cookie live to long, please see Flask: How to remove cookies? to deal with this issue.
If I understand you correctly, another main issue is [comment by me]:
Flask picks a wrong session cookie [of multiple ones with the same name]
Picking the wrong cookie from multiple ones with the same name is not Flask-specific, but rather about the logic used by client/ browser, see e.g. How to handle multiple cookies with the same name?
来源:https://stackoverflow.com/questions/61572178/flask-multiple-session-cookies-with-the-same-name