Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Added some explanatory comments in CsrfMiddleware

git-svn-id: bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
1 parent 4bdbd14 commit 9c33d74f1dbc71dc295f11c1be2f1146a487e611 @spookylukey spookylukey committed
Showing with 7 additions and 2 deletions.
  1. +7 −2 django/contrib/csrf/
9 django/contrib/csrf/
@@ -67,11 +67,16 @@ class CsrfResponseMiddleware(object):
def process_response(self, request, response):
csrf_token = None
+ # This covers a corner case in which the outgoing request
+ # both contains a form and sets a session cookie. This
+ # really should not be needed, since it is best if views
+ # that create a new session (login pages) also do a
+ # redirect, as is done by all such view functions in
+ # Django.
cookie = response.cookies[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(cookie.value)
except KeyError:
- # No outgoing cookie to set session, but
- # a session might already exist.
+ # Normal case - look for existing session cookie
session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(session_id)

0 comments on commit 9c33d74

Please sign in to comment.
Something went wrong with that request. Please try again.