django - Why csrftoken cookie works?


I am upgrading from Django 1.4.3 to Django 11.3.

I have a web page with 2 different forms. Both forms are loaded with {% csrf_token %}. The flow is: the user logs in using form 1 (AJAX), and then the second form is displayed. The user enters data in the second form and submits it using AJAX. Now, the request is failing if I do this (it worked under Django 1.4.3):

csrfmiddlewaretoken = $form.find('input[name="csrfmiddlewaretoken"]').val(); 

Now, the fix is getting the csrftoken value from the cookie and sending it as part of the AJAX request, which works:

csrfmiddlewaretoken = _gethelpercookie('csrftoken'); 

I am confused why getting it from the client cookie works. After login, Django calls rotate_token; does that have an effect?

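As you say, Django rotates the CSRF token when you log in, as a security measure. This started in Django 1.5.2.

Since you have logged in with an AJAX request, the old token is still in the HTML. When you fetch the token from the HTML, you are using the old token, so you get the CSRF error.

When you fetch the token from the cookie, you get the new token, so you avoid the error.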
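The behaviour described in the answer, as an added example that is not part of the original post: the token is read from the cookie at send time, so a request made after the AJAX login carries the rotated value. The cookie name `csrftoken` and header `X-CSRFToken` are Django's defaults; the helper names and the cookie strings are constructed for illustration.

```javascript
// Added example. "csrftoken" and "X-CSRFToken" are Django's default
// CSRF cookie and header names; everything else here is hypothetical.

// Return one cookie's value from a document.cookie-style string, or null.
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    // Compare the whole name so "xcsrftoken" never matches "csrftoken".
    if (eq > 0 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Build the CSRF header from the cookie as it is right now, instead of
// from a hidden input that was rendered before the login happened.
function csrfHeaders(cookieString) {
  const token = readCookie(cookieString, "csrftoken");
  if (token === null) {
    throw new Error("csrftoken cookie is not readable from script");
  }
  return { "X-CSRFToken": token };
}

// Constructed sample values: the cookie string before and after the
// AJAX login, where the server has rotated the token.
const COOKIES_BEFORE_LOGIN = "theme=dark; csrftoken=AAAAconstructedBeforeLogin";
const COOKIES_AFTER_LOGIN = "theme=dark; csrftoken=BBBBconstructedAfterLogin";

// In the browser, call csrfHeaders(document.cookie) immediately before
// each POST, e.g.
//   fetch(url, { method: "POST", credentials: "same-origin",
//                headers: csrfHeaders(document.cookie), body: formData });
function demo() {
  return {
    loginRequest: csrfHeaders(COOKIES_BEFORE_LOGIN)["X-CSRFToken"],
    secondFormRequest: csrfHeaders(COOKIES_AFTER_LOGIN)["X-CSRFToken"],
  };
}
```

This only works while the CSRF cookie is readable by script; with `CSRF_COOKIE_HTTPONLY = True` or `CSRF_USE_SESSIONS = True` the token has to come from freshly rendered HTML instead.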

