I want the login form for my website to get a fresh, newly generated CSRF token each time.

I tried to call

    logout(request)
    request.session.flush()

but the hidden form field always has the same token, even after restarting the server.

This obviously means that Django is reading the data from the cookie. How does one generate a fresh one?

Alternatively, could I have an intermediate page that clears all cookies before going to the actual login page? How does one delete all cookies for a domain in JavaScript?

You can manually reset the token as follows:

    from django.middleware.csrf import _get_new_csrf_key

    # Flag the cookie as used so the CSRF middleware sends it with the response
    request.META["CSRF_COOKIE_USED"] = True
    # Replace the value read from the cookie with a newly generated key
    request.META["CSRF_COOKIE"] = _get_new_csrf_key()

In Django >= 1.6, you should instead use

    django.middleware.csrf.rotate_token(request)

which actually does this.