csrf error on login and admin

Discussion:

Kenneth Gonsalves

2009-12-14 10:50:54 UTC

hi,

I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the middleware
as prescribed and also added the {% csrf_token %} within the form in my login
form. I am not using a custom view as I am using the auth login view in the
prescribed manner. Any clues as to what is going wrong?
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-14 11:29:57 UTC

Permalink

Post by Kenneth Gonsalves
I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the
middleware as prescribed and also added the {% csrf_token %} within the
form in my login form. I am not using a custom view as I am using the auth
login view in the prescribed manner. Any clues as to what is going wrong?

never mind - cookies had not been cleared.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 00:54:29 UTC

Permalink

Post by Kenneth Gonsalves

Post by Kenneth Gonsalves
I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the
middleware as prescribed and also added the {% csrf_token %} within the
form in my login form. I am not using a custom view as I am using the
auth login view in the prescribed manner. Any clues as to what is going
wrong?

never mind - cookies had not been cleared.

problem has cropped up again - I can login, forms work on the website, but not
in admin. Login works in admin, but all other forms in admin do not work -
giving the csrf error. I am stuck.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Mike Ramirez

2009-12-15 01:06:44 UTC

Permalink

Post by Kenneth Gonsalves
problem has cropped up again - I can login, forms work on the website, but
not in admin. Login works in admin, but all other forms in admin do not
work - giving the csrf error. I am stuck.

can you be more explicit with the 'csrf error' -- if it's the check your
cookies are enabled one.

Check your own cookies, if you have two admins on the same domain

like example.com/proj1/admin and example.com/proj2/admin; common on dev
servers. logging into one sets a global cookie for example.com that conflicts
with the other disallowing login till I delete existing cookies.

Mike

--
Never eat more than you can lift.
-- Miss Piggy

Kenneth Gonsalves

2009-12-15 01:09:10 UTC

Permalink

Post by Mike Ramirez

Post by Kenneth Gonsalves
problem has cropped up again - I can login, forms work on the website,
but not in admin. Login works in admin, but all other forms in admin do
not work - giving the csrf error. I am stuck.

can you be more explicit with the 'csrf error' -- if it's the check your
cookies are enabled one.

it is check your cookies one

Post by Mike Ramirez
Check your own cookies, if you have two admins on the same domain
like example.com/proj1/admin and example.com/proj2/admin; common on dev
servers. logging into one sets a global cookie for example.com that
conflicts with the other disallowing login till I delete existing
cookies.

will look into this - maybe there is light at the end of the tunnel ;-)
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 01:04:47 UTC

Permalink

Post by Kenneth Gonsalves

Post by Kenneth Gonsalves
I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the
middleware as prescribed and also added the {% csrf_token %} within
the form in my login form. I am not using a custom view as I am using
the auth login view in the prescribed manner. Any clues as to what is
going wrong?

never mind - cookies had not been cleared.

problem has cropped up again - I can login, forms work on the website, but
not in admin. Login works in admin, but all other forms in admin do not
work - giving the csrf error. I am stuck.

this is revision 11866
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Gopalasivam Palaniappan

2009-12-14 11:21:19 UTC

Permalink

Post by Kenneth Gonsalves
I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the middleware
as prescribed and also added the {% csrf_token %} within the form in my login
form. I am not using a custom view as I am using the auth login view in the
prescribed manner. Any clues as to what is going wrong?

Hi ,
I had the same problem...
After added the middleware
'django.contrib.csrf.middleware.CsrfMiddleware' to the list of
middleware classes, MIDDLEWARE_CLASSES.
My Problem is resolved.. Its working Fine now...

You could also refer this link..
http://docs.djangoproject.com/en/1.0/ref/contrib/csrf/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 00:13:30 UTC

Permalink

Post by Gopalasivam Palaniappan

Post by Kenneth Gonsalves
I just upgraded to the latest trunk. I get csrf cookie not set error on
attempting to log in - both on site and in admin. I have added the
middleware as prescribed and also added the {% csrf_token %} within the
form in my login form. I am not using a custom view as I am using the
auth login view in the prescribed manner. Any clues as to what is going
wrong?

if you had read my mail, you would have found that even though I did all this
it was still not working - the reason was browser/proxy cache. Hitting reload
several times solved the problem.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 01:19:02 UTC

Permalink

Post by Kenneth Gonsalves

Post by Mike Ramirez

Post by Kenneth Gonsalves
problem has cropped up again - I can login, forms work on the website,
but not in admin. Login works in admin, but all other forms in admin do
not work - giving the csrf error. I am stuck.

can you be more explicit with the 'csrf error' -- if it's the check your
cookies are enabled one.

it is check your cookies one

I cleared all cookies - now all forms have stopped working with 'cookie not
set' csrf error.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Mike Ramirez

2009-12-15 01:35:40 UTC

Permalink

Post by Kenneth Gonsalves
I cleared all cookies - now all forms have stopped working with 'cookie not
set' csrf error.

hmm, never happened to me there, I suggest trying another browser. If it still
continues, no clue, sorry.

Mike
--
Excerpts From The First Annual Nerd Bowl (#7)

JOHN SPLADDEN: In this final round, the two teams must assemble a 16-node
Beowulf cluster from scratch, install Linux on them, and then use the
system to calculate pi to 1 million digits. This is the ultimate test for
nerds... only people in the Big Leagues should attempt this... [snip]

BRYANT DUMBELL: Look at that! Instead of messing with screws, the
Portalbacks are using duct tape to attach their motherboards to the cases!
That should save some time. [snip] They've done it! The Mad Hatters have
completed the Final Round in 2 hours, 15 minutes. That's one hell of a
Beowulf cluster they produced... drool.

SPLADDEN: With that, the Mad Hatters win the Nerd Bowl 105 to 68! There's
going to be some serious beer-drinking tonight back at the Red Hat offices.

DUMBELL: Linus Torvalds has emerged from the sidelines to present his
Linus Torvalds Trophy to the winners. What a glorious sight! This has
definitely been the best Nerdbowl ever. I pity those people that have been
watching the Superbowl instead.

Kenneth Gonsalves

2009-12-15 01:43:04 UTC

Permalink

Post by Mike Ramirez

Post by Kenneth Gonsalves
I cleared all cookies - now all forms have stopped working with 'cookie
not set' csrf error.

hmm, never happened to me there, I suggest trying another browser. If it
still continues, no clue, sorry.

I tried another browser - same problem of erratic behaviour, at times login
works, at other times it does not - forms on site work, but forms in admin do
not work. Then I thought maybe my webserver was giving the problem - so I used
the developement server. Login at admin does not work. 'Cookie not set'. Login
to the site works, and then I can bypass the admin login screen - but forms in
admin again give 'CSRF token missing or incorrect'.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 03:37:38 UTC

Permalink

Post by Kenneth Gonsalves

Post by Mike Ramirez
hmm, never happened to me there, I suggest trying another browser. If it
still continues, no clue, sorry.

problem solved - one of the other contributors to the project had overridden a
whole lot of admin templates which were causing the confusion.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-15 05:28:15 UTC

Permalink

Post by Kenneth Gonsalves

Post by Kenneth Gonsalves
I tried another browser - same problem of erratic behaviour, at times
login works, at other times it does not - forms on site work, but forms
in admin do not work. Then I thought maybe my webserver was giving the
problem - so I used the developement server. Login at admin does not
work. 'Cookie not set'. Login to the site works, and then I can bypass
the admin login screen - but forms in admin again give 'CSRF token
missing or incorrect'.

problem solved - one of the other contributors to the project had
overridden a whole lot of admin templates which were causing the
confusion.

back to the drawing board! Still not working properly. I tried with konqueror.
It worked for one site. The moment I went to another site, the csrf problem
started. With firefox it works at times and doesnt at other times. This is the
situation with all the developers in the lab - and they have a variety of
distros, browsers and platforms. We have decided to revert to a pre csrf
version until we can spare the time to sort things out.
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Paddy Joy

2009-12-16 05:15:49 UTC

Permalink

Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

Paddy

Post by Kenneth Gonsalves

problem solved - one of the other contributors to the project had
overridden a whole lot of admin templates which were causing the
confusion.

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Kenneth Gonsalves

2009-12-18 23:38:11 UTC

Permalink

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSS
http://nrcfosshelpline.in/web/

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Nixarn

2010-02-07 13:18:58 UTC

Permalink

Having the same problem with the dev version of django. I just can't
get into the Admin.

Works fine in Chrome for some reason but with Firefox or IE I get:

403 Forbidden

CSRF verification failed. Request aborted.

Reason given for failure: CSRF cookie not set.

And I've tried clearing the cache and cookies from the browser. All
without luck :/

Niklas

Post by Kenneth Gonsalves

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSShttp://nrcfosshelpline.in/web/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Nixarn

2010-02-07 13:48:33 UTC

Permalink

Might have gotten somewhere with this.

I'm using nginx and rewriting urls with www to be without www. And in
firefox I seem to be getting the following weirdness in firebug:

domainname.com, status: timeout, domain: domainname.com, size: 1.8kb,
time: 26ms
domainname.com, status: 200 OK, domain: domainname.com, size: 1.8kb,
time: 146ms

So the request gets a timeout after 26ms for some bizzar reason. I
remoed the rewrite rules and were able to log in to admin with
firefox.

Niklas

Post by Nixarn
Having the same problem with the dev version of django. I just can't
get into the Admin.
403 Forbidden
CSRF verification failed. Request aborted.
Reason given for failure: CSRF cookie not set.
And I've tried clearing the cache and cookies from the browser. All
without luck :/
Niklas

Post by Kenneth Gonsalves

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSShttp://nrcfosshelpline.in/web/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Nixarn

2010-02-07 13:50:08 UTC

Permalink

Hmm apparently doesn't work anymore gah... hrmp. Looking into it.

Niklas

Post by Kenneth Gonsalves

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSShttp://nrcfosshelpline.in/web/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Nixarn

2010-02-07 14:13:04 UTC

Permalink

Ok. Most likely the problem is when nginx is giving me 499 (client
timeout) errors.

Post by Nixarn
Hmm apparently doesn't work anymore gah... hrmp. Looking into it.
Niklas

Post by Kenneth Gonsalves

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSShttp://nrcfosshelpline.in/web/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Nixarn

2010-02-11 15:53:48 UTC

Permalink

Ok. Just so anyone browsing this later.

The weird timeout error was just a stupid javascript bug. And I blamed
tornado first, then after giving fastcgi a shot and still getting the
error I blamed nginx. Then after trying apache2 + wsgi and still
getting the same timeout I blamed linode. Then after I noticed I get
the problem locally too, so naturally I blamed the django dev version.
And after trying djanog 1.1 I blame my python code. After I noticed it
was correct I found my javascript bug :( I'm sorry tornado, nginx,
linode and django!

Anyway still get the csrf error occationally. Not a big problem just
requires some shift + reload.

Niklas

Post by Nixarn
Ok. Most likely the problem is when nginx is giving me 499 (client
timeout) errors.

Post by Nixarn
Hmm apparently doesn't work anymore gah... hrmp. Looking into it.
Niklas

Post by Kenneth Gonsalves

Post by Paddy Joy
Try 'django.middleware.csrf.CsrfMiddleware' instead of
'django.contrib.csrf.middleware.CsrfMiddleware'

copied and pasted straight from the official docs
--
regards
Kenneth Gonsalves
Senior Project Officer
NRC-FOSShttp://nrcfosshelpline.in/web/

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-***@googlegroups.com.
To unsubscribe from this group, send email to django-users+***@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

Continue reading on narkive:

Search results for 'csrf error on login and admin' (newsgroups and mailing lists)

replies

CSRF token not adding hidden form field

started 2010-06-10 03:58:46 UTC

django-users@googlegroups.com

replies

Proposal: django.forms.SafeForm - forms with built in CSRF protection

started 2008-09-23 01:25:44 UTC

django-developers@googlegroups.com

replies

django form field validation and error display