Python Flask - How to set session cookie attributes sameSite=None and 'Secure'

I would like to set my session cookie’s (through flask session object) attributes “sameSite=None” and “Secure=True”.

This is neccessary because my Dash app is using a login mechanism that is being cached in the session cookie (like this: Code-Example) and the app is being embedded in an iFrame. Unfortunately once it is inside the iFrame the app is not usable anymore because the session cookie cannot be read/set anymore because it is now treated as a Third-Party-Cookie which needs to have the cookie attributes mentioned above. This behaviour is described here and here for example.

When I try adding this in the (see “Code-Example”-link above for full context):


it seems to be set. At least a print() returns the entered values but the app’s login is still not working properly when being embedded in an iFrame and Chrome’s dev tools also show that the attributes are the same as before: session cookie attributes in Chrome

When I try to set it directly like this:


it is also not working. Returning:

AttributeError: (‘Invalid config key. Some settings are only available via the Dash constructor’, ‘SESSION_COOKIE_SAMESITE’)

I also found this as a possible solution but it also didn’t work for me.

Thanks for any ideas or suggestions in advance! I don’t know how to proceed… Sorry if I misunderstood something here as I am quite new to web dev and python flask…

any thought/idea is welcome :slight_smile:

Maybe a bit late but it could be because of how keys are accessed in Python. Dot notation is for accessing methods and functions of classes in Python. To access a key, you need to use square brackets.

Try the following snippet to resolve the issue.

app.config[“SESSION_COOKIE_SAMESITE”] = “None”

Been a long time but as I happened to be working on exactly this, in case anyone else happens by here… app.config is the Dash app config, but these are Flask app settings, so you need app.server.config, ie:

app.server.config["SESSION_COOKIE_SAMESITE"] = "None"