Ticket #9356: csrf_fix.diff

File csrf_fix.diff, 1.0 KB (added by Bob Thomas, 16 years ago)

Get session key from request.session

  • django/contrib/csrf/middleware.py

     
    6363
    6464    def process_response(self, request, response):
    6565        csrf_token = None
    66         try:
    67             cookie = response.cookies[settings.SESSION_COOKIE_NAME]
    68             csrf_token = _make_token(cookie.value)
    69         except KeyError:
    70             # No outgoing cookie to set session, but
    71             # a session might already exist.
    72             try:
    73                 session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
    74                 csrf_token = _make_token(session_id)
    75             except KeyError:
    76                 # no incoming or outgoing cookie
    77                 pass
     66        if hasattr(request, 'session'):
     67            csrf_token = _make_token(request.session.session_key)
    7868
    7969        if csrf_token is not None and \
    8070                response['Content-Type'].split(';')[0] in _HTML_TYPES:
Back to Top