Opened 4 years ago

Closed 4 years ago

#16768 closed Bug (invalid)

Wrong cookie set by CSRF middleware

Reported by: ike@…
Owned by: nobody
Component: CSRF
Version: 1.3
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


Trying to set up JMeter for scalability testing, I found the following bug in the CSRF middleware.

After a few normal responses like this:

- - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=0c85747298965a0fb54310eafa4da475" "-"

Django returns this strange CSRF cookie:

- - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 expires=Thu\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 Path=/" "-" "Java/1.7.0"

Change History (1)

comment:1 Changed 4 years ago by PaulM

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

That looks like the issue (that isn't going to be fixed) where cookie objects can't be stored in pickles (and thus can't be stored in the various caching backends). Your application is probably caching or storing the cookie somewhere (or may be configured to cache pages which contain cookies, which is a definite bad thing). I'm closing as invalid, but feel free to comment or re-open if you've got clear steps to reproduce the problem and you think it's a Django issue and not something your application is doing.


There's more info in #15863

Last edited 4 years ago by PaulM
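
An added example, not part of the ticket or of Django: a small log check that decodes the cookie field from access-log lines like the two quoted in the report and flags a csrftoken whose value is itself a serialized Set-Cookie header. It assumes the logger writes a backslash as \x5C, that the three digits after it are an octal character code (073 is ";", 054 is ","), and that the Cookie header is the second quoted field; the function names are hypothetical.

```python
import re

# Constructed from the two access-log entries quoted in the report.
SAMPLE_LOG = [
    r'- - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 '
    r'"csrftoken=0c85747298965a0fb54310eafa4da475" "-"',
    r'- - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 '
    r'"csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 '
    r'expires=Thu\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 '
    r'Path=/" "-" "Java/1.7.0"',
]

# Assumption: tokens look like the healthy one in the report (32 lowercase hex chars).
TOKEN_RE = re.compile(r'^[0-9a-f]{32}$')


def decode_field(raw):
    """Undo the logger's \\xHH escaping, then the \\ooo octal escapes inside it."""
    unescaped = re.sub(r'\\x([0-9A-Fa-f]{2})',
                       lambda m: chr(int(m.group(1), 16)), raw)
    return re.sub(r'\\([0-3][0-7]{2})',
                  lambda m: chr(int(m.group(1), 8)), unescaped)


def check_csrf_cookie(line):
    """Classify the csrftoken value found in one access-log line."""
    fields = re.findall(r'"([^"]*)"', line)
    # Assumption: the Cookie header is the second quoted field, as in the report.
    if len(fields) < 2 or not fields[1].startswith('csrftoken='):
        return ('no-cookie', None)
    value = decode_field(fields[1][len('csrftoken='):])
    if TOKEN_RE.match(value):
        return ('ok', value)
    if value.startswith('Set-Cookie:'):
        # The client was handed a whole serialized header as the cookie value.
        return ('serialized-header', value)
    return ('malformed', value)


if __name__ == '__main__':
    for entry in SAMPLE_LOG:
        status, value = check_csrf_cookie(entry)
        print(status, value)
```

Run over a real access log, a "serialized-header" result marks the first request at which a client started replaying a stored header, which narrows down which cached response handed it out.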