S
S
Sergey Ganzhela2017-08-31 15:08:50
Django
Sergey Ganzhela, 2017-08-31 15:08:50

Django issue with CSRF?

Good afternoon!
Tell me what could be the problem with SCRF_TOKEN.
Standard authorization methods are used out of the box! After the user has logged out, he is redirected to a page with a login form. from this moment, some kind of nonsense begins when you try to login again, protection against csrf (403 forbiden) is triggered,
'django.middleware.csrf.CsrfViewMiddleware',
although the template contains {% csrf_token %} and the context processor is present, I
tried to do it in the login update view and the token does not help, you have to wait 5 minutes 7 and then go.
The question is!
1. Should the token that is in the cookie and the token from the template visually match? (for some reason they don’t match for me, well, maybe it should be so)
2. Actually, how to deal with these if the system perceives such a situation as an attack (is it possible to reduce the timer somehow :)) I would not want to leave the system without protection at all

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question