Opened 3 years ago

Closed 3 years ago

#16768 closed Bug (invalid)

Wrong cookie set by CSRF middleware

Reported by: ike@… Owned by: nobody
Component: contrib.csrf Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Trying to setup jmeter for scalability testing I found following bug in CSRF Middleware

After few normal responses like this: - - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=0c85747298965a0fb54310eafa4da475" "-"

Django returns this strange CSRF cookie: - - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 expires=Th
u\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 Path=/" "-" "Java/1.7.0"

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by PaulM

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

That looks like the issue (that isn't going to be fixed) where cookie objects can't be stored in pickles (and thus can't be stored in the various caching backends). Your application is probably caching or storing the cookie somewhere (or may be configured to cache pages which contain cookies, which is a definite bad thing). I'm closing as invalid, but feel free to comment or re-open if you've got clear steps to reproduce the problem and you think it's a Django issue and not something your application is doing.


There's more info in #15863

Last edited 3 years ago by PaulM (previous) (diff)

Add Comment

Modify Ticket

Change Properties
<Author field>
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.