These are chat archives for django/django
We’re very occasionally seeing malformed “Set-Cookie” headers on responses from our application server, as described in that ticket. Rather than the expected format, something like:
"Set-Cookie: cookiename=XX; Max-Age: YY; Path=/"
We’re instead seeing the whole header as the cookie value, something like:
'Set-Cookie: cookiename="Set-Cookie: cookiename=XX Max-Age: YY; Path=/"'
csrftokencookies: they get set to malformed values and subsequent authenticated or CSRF-protected requests fail until the user clears their cookies.