Diffstat (limited to 'docs')
-rw-r--r-- docs/ref/settings.txt 4
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 856d4cc36b..5fdb76b2d0 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -3167,6 +3167,10 @@ The domain to use for session cookies. Set this to a string such as
``"example.com"`` for cross-domain cookies, or use ``None`` for a standard
domain cookie.
+To use cross-domain cookies with :setting:`CSRF_USE_SESSIONS`, you must include
+a leading dot (e.g. ``".example.com"``) to accommodate the CSRF middleware's
+referer checking.
+
Be cautious when updating this setting on a production site. If you update
this setting to enable cross-domain cookies on a site that previously used
standard domain cookies, existing user cookies will be set to the old
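Review bot: The added paragraph beginning "To use cross-domain cookies with :setting:`CSRF_USE_SESSIONS`" sits directly under context text that still gives ``"example.com"`` (no leading dot) as the example value for cross-domain cookies, so the section now shows one form and requires another without connecting the two. Consider noting in the first sentence that the dotted form is the one to use when :setting:`CSRF_USE_SESSIONS` is enabled, or changing the example there. The new paragraph also says the dot is needed "to accommodate the CSRF middleware's referer checking" without saying what a reader will observe if it is omitted. One clause naming the symptom, plus a cross-reference to the part of the CSRF documentation that describes the referer check, would let someone debugging this find the note from the error side as well.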