csrf error on login and admin


Kenneth Gonsalves

Dec 14, 2009, 5:50:54 AM
to django...@googlegroups.com
hi,

I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the middleware
as prescribed and also added the {% csrf_token %} within the form in my login
form. I am not using a custom view as I am using the auth login view in the
prescribed manner. Any clues as to what is going wrong?
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

Kenneth Gonsalves

Dec 14, 2009, 6:29:57 AM
to django...@googlegroups.com
On Monday 14 Dec 2009 4:20:54 pm Kenneth Gonsalves wrote:
> I just upgraded to the latest trunk. I get csrf cookie not set error on
> attempting to log in - both on site and in admin. I have added the
> middleware as prescribed and also added the {% csrf_token %} within the
> form in my login form. I am not using a custom view as I am using the auth
> login view in the prescribed manner. Any clues as to what is going wrong?
>

never mind - cookies had not been cleared.

Gopalasivam Palaniappan

Dec 14, 2009, 6:21:19 AM
to Django users
> I just upgraded to the latest trunk. I get csrf cookie not set error on
> attempting to log in - both on site and in admin. I have added the middleware
> as prescribed and also added the {% csrf_token %} within the form in my login
> form. I am not using a custom view as I am using the auth login view in the
> prescribed manner. Any clues as to what is going wrong?

Hi,
I had the same problem...
After adding the middleware
'django.contrib.csrf.middleware.CsrfMiddleware' to the list of
middleware classes, MIDDLEWARE_CLASSES,
my problem is resolved. It's working fine now...

You could also refer to this link:
http://docs.djangoproject.com/en/1.0/ref/contrib/csrf/

Kenneth Gonsalves

Dec 14, 2009, 7:13:30 PM
to django...@googlegroups.com
On Monday 14 Dec 2009 4:51:19 pm Gopalasivam Palaniappan wrote:
> > I just upgraded to the latest trunk. I get csrf cookie not set error on
> > attempting to log in - both on site and in admin. I have added the
> > middleware as prescribed and also added the {% csrf_token %} within the
> > form in my login form. I am not using a custom view as I am using the
> > auth login view in the prescribed manner. Any clues as to what is going
> > wrong?
>
> Hi,
> I had the same problem...
> After adding the middleware
> 'django.contrib.csrf.middleware.CsrfMiddleware' to the list of
> middleware classes, MIDDLEWARE_CLASSES,
> my problem is resolved. It's working fine now...
>

if you had read my mail, you would have found that even though I did all this
it was still not working - the reason was browser/proxy cache. Hitting reload
several times solved the problem.

Kenneth Gonsalves

Dec 14, 2009, 7:54:29 PM
to django...@googlegroups.com
On Monday 14 Dec 2009 4:59:57 pm Kenneth Gonsalves wrote:
> On Monday 14 Dec 2009 4:20:54 pm Kenneth Gonsalves wrote:
> > I just upgraded to the latest trunk. I get csrf cookie not set error on
> > attempting to log in - both on site and in admin. I have added the
> > middleware as prescribed and also added the {% csrf_token %} within the
> > form in my login form. I am not using a custom view as I am using the
> > auth login view in the prescribed manner. Any clues as to what is going
> > wrong?
>
> never mind - cookies had not been cleared.
>

problem has cropped up again - I can login, forms work on the website, but not
in admin. Login works in admin, but all other forms in admin do not work -
giving the csrf error. I am stuck.

Mike Ramirez

Dec 14, 2009, 8:06:44 PM
to django...@googlegroups.com
On Monday 14 December 2009 16:54:29 Kenneth Gonsalves wrote:

> problem has cropped up again - I can login, forms work on the website, but
> not in admin. Login works in admin, but all other forms in admin do not
> work - giving the csrf error. I am stuck.
>

can you be more explicit with the 'csrf error' -- if it's the check your
cookies are enabled one.

Check your own cookies, if you have two admins on the same domain

like example.com/proj1/admin and example.com/proj2/admin; common on dev
servers. logging into one sets a global cookie for example.com that conflicts
with the other disallowing login till I delete existing cookies.

Mike

--
Never eat more than you can lift.
-- Miss Piggy
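
The shared-cookie situation described in the post above, as an added example that is not part of the thread: a browser stores cookies keyed by (name, domain, path), so two projects on example.com that both use the cookie name `sessionid` with `Path=/` overwrite each other's value. The `Jar` model, the cookie values and the `simulate` helper are constructed for illustration; in Django the name and path come from `SESSION_COOKIE_NAME` and `SESSION_COOKIE_PATH`.

```python
# Added illustration (not from the thread): a minimal browser cookie jar.
# All names and values below are constructed sample data.

def path_match(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match rule."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Match only on a path-segment boundary: /proj1 must not match /proj10
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


class Jar:
    def __init__(self):
        self.store = {}

    def set(self, name, value, domain, path="/"):
        # Same (name, domain, path) key: the newer cookie replaces the older one
        self.store[(name, domain, path)] = value

    def sent_to(self, domain, request_path):
        """Cookies the browser would attach to a request for this path."""
        return {
            name: value
            for (name, dom, path), value in self.store.items()
            if dom == domain and path_match(path, request_path)
        }


def simulate(proj1_cookie_path, proj2_cookie_path):
    """Log in to proj1, then proj2; return the cookies each admin then receives."""
    jar = Jar()
    jar.set("sessionid", "proj1-session", "example.com", proj1_cookie_path)
    jar.set("sessionid", "proj2-session", "example.com", proj2_cookie_path)
    return (jar.sent_to("example.com", "/proj1/admin/"),
            jar.sent_to("example.com", "/proj2/admin/"))


if __name__ == "__main__":
    # Default-style scoping: both projects write the same slot, so proj1
    # receives a session id it never issued.
    print("Path=/ for both:", simulate("/", "/"))
    # Per-project paths keep the two sessions apart.
    print("Scoped paths:   ", simulate("/proj1/", "/proj2/"))
```
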


Kenneth Gonsalves

Dec 14, 2009, 8:04:47 PM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 6:24:29 am Kenneth Gonsalves wrote:
> On Monday 14 Dec 2009 4:59:57 pm Kenneth Gonsalves wrote:
> > On Monday 14 Dec 2009 4:20:54 pm Kenneth Gonsalves wrote:
> > > I just upgraded to the latest trunk. I get csrf cookie not set error on
> > > attempting to log in - both on site and in admin. I have added the
> > > middleware as prescribed and also added the {% csrf_token %} within
> > > the form in my login form. I am not using a custom view as I am using
> > > the auth login view in the prescribed manner. Any clues as to what is
> > > going wrong?
> >
> > never mind - cookies had not been cleared.
>
> problem has cropped up again - I can login, forms work on the website, but
> not in admin. Login works in admin, but all other forms in admin do not
> work - giving the csrf error. I am stuck.
>

this is revision 11866

Kenneth Gonsalves

Dec 14, 2009, 8:09:10 PM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 6:36:44 am Mike Ramirez wrote:
> > problem has cropped up again - I can login, forms work on the website,
> > but not in admin. Login works in admin, but all other forms in admin do
> > not work - giving the csrf error. I am stuck.
> >
>
> can you be more explicit with the 'csrf error' -- if it's the check your
> cookies are enabled one.

it is check your cookies one
>
> Check your own cookies, if you have two admins on the same domain
>
> like example.com/proj1/admin and example.com/proj2/admin; common on dev
> servers. logging into one sets a global cookie for example.com that
> conflicts with the other disallowing login till I delete existing
> cookies.
>

will look into this - maybe there is light at the end of the tunnel ;-)

Kenneth Gonsalves

Dec 14, 2009, 8:19:02 PM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 6:39:10 am Kenneth Gonsalves wrote:
> On Tuesday 15 Dec 2009 6:36:44 am Mike Ramirez wrote:
> > > problem has cropped up again - I can login, forms work on the website,
> > > but not in admin. Login works in admin, but all other forms in admin do
> > > not work - giving the csrf error. I am stuck.
> > >
> >
> >
> > can you be more explicit with the 'csrf error' -- if it's the check your
> > cookies are enabled one.
>
> it is check your cookies one
>
I cleared all cookies - now all forms have stopped working with 'cookie not
set' csrf error.

Mike Ramirez

Dec 14, 2009, 8:35:40 PM
to django...@googlegroups.com
On Monday 14 December 2009 17:19:02 Kenneth Gonsalves wrote:
> I cleared all cookies - now all forms have stopped working with 'cookie not
> set' csrf error.
>

hmm, never happened to me there, I suggest trying another browser. If it still
continues, no clue, sorry.

Mike
--
Excerpts From The First Annual Nerd Bowl (#7)

JOHN SPLADDEN: In this final round, the two teams must assemble a 16-node
Beowulf cluster from scratch, install Linux on them, and then use the
system to calculate pi to 1 million digits. This is the ultimate test for
nerds... only people in the Big Leagues should attempt this... [snip]

BRYANT DUMBELL: Look at that! Instead of messing with screws, the
Portalbacks are using duct tape to attach their motherboards to the cases!
That should save some time. [snip] They've done it! The Mad Hatters have
completed the Final Round in 2 hours, 15 minutes. That's one hell of a
Beowulf cluster they produced... drool.

SPLADDEN: With that, the Mad Hatters win the Nerd Bowl 105 to 68! There's
going to be some serious beer-drinking tonight back at the Red Hat offices.

DUMBELL: Linus Torvalds has emerged from the sidelines to present his
Linus Torvalds Trophy to the winners. What a glorious sight! This has
definitely been the best Nerdbowl ever. I pity those people that have been
watching the Superbowl instead.


Kenneth Gonsalves

Dec 14, 2009, 8:43:04 PM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 7:05:40 am Mike Ramirez wrote:
> On Monday 14 December 2009 17:19:02 Kenneth Gonsalves wrote:
> > I cleared all cookies - now all forms have stopped working with 'cookie
> > not set' csrf error.
> >
>
> hmm, never happened to me there, I suggest trying another browser. If it
> still continues, no clue, sorry.
>

I tried another browser - same problem of erratic behaviour, at times login
works, at other times it does not - forms on site work, but forms in admin do
not work. Then I thought maybe my webserver was giving the problem - so I used
the development server. Login at admin does not work. 'Cookie not set'. Login
to the site works, and then I can bypass the admin login screen - but forms in
admin again give 'CSRF token missing or incorrect'.

Kenneth Gonsalves

Dec 14, 2009, 10:37:38 PM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 7:13:04 am Kenneth Gonsalves wrote:
> > hmm, never happened to me there, I suggest trying another browser. If it
> > still continues, no clue, sorry.
> >
>
> I tried another browser - same problem of erratic behaviour, at times
> login works, at other times it does not - forms on site work, but forms
> in admin do not work. Then I thought maybe my webserver was giving the
> problem - so I used the development server. Login at admin does not work.
> 'Cookie not set'. Login to the site works, and then I can bypass the admin
> login screen - but forms in admin again give 'CSRF token missing or
> incorrect'.
>

problem solved - one of the other contributors to the project had overridden a
whole lot of admin templates which were causing the confusion.
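
One way overridden admin templates lead to 'CSRF token missing or incorrect' is a POST form copied from a template that predates the `{% csrf_token %}` tag. The following is an added example, not code from the thread or from Django: a scanner that lists such forms in a template tree. The function names and the sample template are constructed, and treating a missing tag as the cause is an assumption.

```python
# Added illustration (not from the thread): find POST forms in Django
# templates that contain no {% csrf_token %} tag.
import os
import re

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.IGNORECASE | re.DOTALL)
METHOD_POST_RE = re.compile(r"""method\s*=\s*["']?post""", re.IGNORECASE)
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")


def forms_missing_token(template_source):
    """Return 1-based line numbers of POST <form> tags lacking {% csrf_token %}."""
    missing = []
    for match in FORM_RE.finditer(template_source):
        attrs, body = match.group(1), match.group(2)
        if METHOD_POST_RE.search(attrs) and not TOKEN_RE.search(body):
            missing.append(template_source.count("\n", 0, match.start()) + 1)
    return missing


def scan_tree(root):
    """Map each .html file under root (relative path) to its offending line numbers."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".html"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8") as fh:
                lines = forms_missing_token(fh.read())
            if lines:
                report[os.path.relpath(path, root)] = lines
    return report


# Constructed sample: an overridden admin template without the tag.
OVERRIDDEN = """{% extends "admin/base_site.html" %}
{% block content %}
<form action="" method="post" id="{{ opts.module_name }}_form">
<div>{{ adminform }}</div>
</form>
<form action="/search/" method="get"><input name="q"></form>
{% endblock %}
"""
FIXED = OVERRIDDEN.replace('_form">', '_form">{% csrf_token %}', 1)

if __name__ == "__main__":
    print("overridden:", forms_missing_token(OVERRIDDEN))
    print("fixed:     ", forms_missing_token(FIXED))
```

Run `scan_tree()` over the project's template directories; GET forms are ignored because CSRF checks apply to unsafe methods only.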

Kenneth Gonsalves

Dec 15, 2009, 12:28:15 AM
to django...@googlegroups.com
On Tuesday 15 Dec 2009 9:07:38 am Kenneth Gonsalves wrote:
> > I tried another browser - same problem of erratic behaviour, at times
> > login works, at other times it does not - forms on site work, but forms
> > in admin do not work. Then I thought maybe my webserver was giving the
> > problem - so I used the development server. Login at admin does not
> > work. 'Cookie not set'. Login to the site works, and then I can bypass
> > the admin login screen - but forms in admin again give 'CSRF token
> > missing or incorrect'.
> >
>
> problem solved - one of the other contributors to the project had
> overridden a whole lot of admin templates which were causing the
> confusion.
>

back to the drawing board! Still not working properly. I tried with konqueror.
It worked for one site. The moment I went to another site, the csrf problem
started. With firefox it works at times and doesn't at other times. This is the
situation with all the developers in the lab - and they have a variety of
distros, browsers and platforms. We have decided to revert to a pre csrf
version until we can spare the time to sort things out.

Paddy Joy

Dec 16, 2009, 12:15:49 AM
to Django users
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

Paddy

Kenneth Gonsalves

Dec 18, 2009, 6:38:11 PM
to django...@googlegroups.com
On Wednesday 16 Dec 2009 10:45:49 am Paddy Joy wrote:
> Try 'django.middleware.csrf.CsrfMiddleware' instead of
> 'django.contrib.csrf.middleware.CsrfMiddleware'
>

copied and pasted straight from the official docs

Nixarn

Feb 7, 2010, 8:18:58 AM
to Django users
Having the same problem with the dev version of django. I just can't
get into the Admin.

Works fine in Chrome for some reason but with Firefox or IE I get:

403 Forbidden

CSRF verification failed. Request aborted.

Reason given for failure: CSRF cookie not set.

And I've tried clearing the cache and cookies from the browser. All
without luck :/

Niklas

Nixarn

Feb 7, 2010, 8:48:33 AM
to Django users
Might have gotten somewhere with this.

I'm using nginx and rewriting urls with www to be without www. And in
firefox I seem to be getting the following weirdness in firebug:

domainname.com, status: timeout, domain: domainname.com, size: 1.8kb,
time: 26ms
domainname.com, status: 200 OK, domain: domainname.com, size: 1.8kb,
time: 146ms

So the request gets a timeout after 26ms for some bizarre reason. I
removed the rewrite rules and was able to log in to admin with
firefox.

Niklas

Nixarn

Feb 7, 2010, 8:50:08 AM
to Django users
Hmm apparently doesn't work anymore gah... hrmp. Looking into it.

Niklas

On Feb 7, 3:18 pm, Nixarn <nix...@gmail.com> wrote:

Nixarn

Feb 7, 2010, 9:13:04 AM
to Django users
Ok. Most likely the problem is when nginx is giving me 499 (client
timeout) errors.

Nixarn

Feb 11, 2010, 10:53:48 AM
to Django users
Ok. Just so anyone browsing this later.

The weird timeout error was just a stupid javascript bug. And I blamed
tornado first, then after giving fastcgi a shot and still getting the
error I blamed nginx. Then after trying apache2 + wsgi and still
getting the same timeout I blamed linode. Then after I noticed I get
the problem locally too, so naturally I blamed the django dev version.
And after trying django 1.1 I blame my python code. After I noticed it
was correct I found my javascript bug :( I'm sorry tornado, nginx,
linode and django!

Anyway still get the csrf error occasionally. Not a big problem just
requires some shift + reload.

Niklas

On Feb 7, 4:13 pm, Nixarn <nix...@gmail.com> wrote:
> Ok. Most likely the problem is when nginx is giving me 499 (client
> timeout) errors.
>

> On Feb 7, 3:50 pm, Nixarn <nix...@gmail.com> wrote:
>
>
>
> > Hmm apparently doesn't work anymore gah... hrmp. Looking into it.
>
> > Niklas
>
