Opened 13 years ago

Closed 13 years ago

#16768 closed Bug (invalid)

Wrong cookie set by CSRF middleware

Reported by: ike@… Owned by: nobody
Component: CSRF Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Trying to setup jmeter for scalability testing I found following bug in CSRF Middleware

After few normal responses like this:

172.29.4.168 - - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=0c85747298965a0fb54310eafa4da475" "-"
 "Java/1.7.0"

Django returns this strange CSRF cookie:

172.29.4.168 - - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 expires=Th
u\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 Path=/" "-" "Java/1.7.0"

Change History (1)

comment:1 by Paul McMillan, 13 years ago

Resolution: invalid
Status: newclosed

That looks like the issue (that isn't going to be fixed) where cookie objects can't be stored in pickles (and thus can't be stored in the various caching backends). Your application is probably caching or storing the cookie somewhere (or may be configured to cache pages which contain cookies, which is a definite bad thing). I'm closing as invalid, but feel free to comment or re-open if you've got clear steps to reproduce the problem and you think it's a Django issue and not something your application is doing.

Version 0, edited 13 years ago by Paul McMillan (next)
Note: See TracTickets for help on using tickets.
Back to Top