mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Fixed bug causing CSRF token not to rotate on login.

Browse Source 
Thanks Gavin McQuillan for the report.
This commit is contained in:
Tim Graham
2013-10-17 19:51:45 -04:00
parent a800036981
commit ac4fec5ca2
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
django/middleware/csrf.py
View File

@@ -56,7 +56,10 @@ def rotate_token(request):
Changes the CSRF token in use for a request - should be done on login
for security purposes.
"""
request.META["CSRF_COOKIE"] = _get_new_csrf_key()
request.META.update({
"CSRF_COOKIE_USED": True,
"CSRF_COOKIE": _get_new_csrf_key(),
})
def _sanitize_token(token):