Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
644 views
in Technique[技术] by (71.8m points)

python - CSRF token missing or invalid Django

I've run into this issue before and solved it, but this just popped up totally randomly (or so it seems). I've just come back to my Django project after a little while away from it...when logging in I forgot my web username and it gave me the appropriate error message Sorry, that's not a valid username or password. So to solve this I created a new superuser (since I had also forgot my admin username) so I could check what my web username was. I did that successfully, but now when I try to login I get the CSRF error (whether the username or password is correct or not). I have no idea how this happened since it was validating properly 10 seconds ago and I didn't change a single line of code.

{% extends "base.html" %}

{% block content %}

    <title>{% block title %} | Login{% endblock %}</title>

    <h2>Login</h2>

    {% if form.errors %}
        <p class="error">Sorry, thats not a valid username or password</p>
    {% endif %}

    <form action="/accounts/auth/" method="POST">{% csrf_token %}
        <label for="username">Username: </label>
        <br>
        <input type="text" name="username" value="" id="username">
        <br><br>
        <label for="password">Password: </label>
        <br>
        <input type="password" name="password" value="" id="password">
        <br><br>
        <input type="submit" value="Login">
    </form>

{% endblock content %} 
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

For security purposes, the CSRF token is changed ('rotated') when you log in. If you open a page in Tab A, then log in on Tab B, then attempt to submit the form in Tab A, you will get a CSRF error, because the CSRF token in Tab A is out of date.

When you refresh Tab A, a new CSRF token is loaded, and the errors will stop.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...