﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24280	CSRF cookie error only happening with Chrome.	jkapple	nobody	"I have a site that is running Django 1.6.10. Recently some of our admins had trouble logging in and were getting the CSRF 403 error page. They had to delete all their cookies for the site to be able to login again. This led me to wonder if it was more widespread, since the CSRF error page doesn't get logged. I enabled logging and I'm seeing about 10% of posts having issues.

My Settings.py looks like this: 

{{{
TEMPLATE_CONTEXT_PROCESSORS = (
'django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
'django.core.context_processors.csrf',
'django.core.context_processors.i18n',
'django.core.context_processors.media',
'django.core.context_processors.request',
'django.core.context_processors.static',
)

MIDDLEWARE_CLASSES = (
'debug_toolbar.middleware.DebugToolbarMiddleware',
'django.middleware.cache.UpdateCacheMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.middleware.doc.XViewMiddleware',
'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',

'linaro_django_pagination.middleware.PaginationMiddleware',

'django.middleware.cache.FetchFromCacheMiddleware',
)
}}}

The views causing the issue are generic class-based views with a comment post form. The form has {% csrf_token %} inside the form tags. The error that is getting triggered is REASON_NO_CSRF from the CSRF middleware.

{{{
<WSGIRequest
path:/accounts/login/,
GET:<QueryDict: {u'next': [u'/profile/edit/']}>,
POST:<QueryDict: {u'username': [REDACTED], u'csrfmiddlewaretoken': [u'Ns42nlyOUgLRUatcjjr0cfpRYwVSDETk'], u'password': [u'REDACTED']}>,
COOKIES:{'HIRO_COOKIE': 'data=&newSession=false&id=REDACTED&timestamp=1414023546237',
'OX_plg': 'swf|shk|pm',
'SS_ARE_Override.traceLevel': 'WARN',
'__gads': 'ID=b5f389086388b528:T=1413419752:S=ALNI_MaqCqguvaHWhG76FGjhHzPTieaGeA',
'__qca': 'P0-2120806691-1413419758360',
'__sonar': '749077714819215977',
'_bsef2f5b6aaad756f2445ed7606b648325': '1',
'acudeoSession.': '%7B%22time%22%3A1421376382060%2C%22adIndex%22%3A1%7D',
'ebNewBandWidth_.www.REDACTED.com': 'REDACTED',
'mlUserID': '9X8L0kMS8ypL',
'targus.BirthYear': '',
'targus.ap_seg': '',
'targus.gender': '',
'targus.matched': '1',
'targus.segment': '000',
'targus.zip': '',
'vsl_userid': 'c4ee281a94b19b5cb09d83ee93e98f55'},

META:{'CONTENT_LENGTH': '92',
'CONTENT_TYPE': 'application/x-www-form-urlencoded',
u'CSRF_COOKIE': u'CV5Vh0mpa578LnKGK1Lfj6pRVB1cwc6E',
'DOCUMENT_ROOT': '/usr/local/apache2/htdocs',
'GATEWAY_INTERFACE': 'CGI/1.1',
'HTTP_ACCEPT': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
'HTTP_ACCEPT_ENCODING': 'gzip, deflate',
'HTTP_ACCEPT_LANGUAGE': 'en,en-GB;q=0.8',
'HTTP_CACHE_CONTROL': 'max-age=0',
'HTTP_CONNECTION': 'close',
}}}

The odd thing is, this just started happening and it only affects Chrome user agents. I can step through with Chrome developer tools and see that a csrftoken cookie is present, but randomly after submitting, the error REASON_NO_CSRF gets triggered in the middleware.

Doing the same exact thing in Firefox or Internet Explorer works fine. My Chrome install has no extensions running and is the latest 32-bit version.
"	Bug	closed	CSRF	1.6	Release blocker	duplicate	CSRF, chrome		Unreviewed	0	0	0	0	0	0
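The following is an added example, not code from the ticket and not Django's own source: a simplified Python 3 model of the decision Django 1.6's `CsrfViewMiddleware.process_view` makes on an unsafe request (the HTTPS referer check is omitted), run over a request constructed from the dump above. It shows why the reporter sees REASON_NO_CSRF rather than REASON_BAD_TOKEN: in Django 1.6 the middleware itself writes `request.META['CSRF_COOKIE']`, generating a fresh value when no `csrftoken` cookie arrived, so the `CSRF_COOKIE` entry in the META dump does not prove the cookie was sent, whereas the `COOKIES` dict, which has no `csrftoken` key, is what the check actually reads. The names `csrf_check`, `failure_log_line`, `classify_ticket_request` and the `TICKET_*` constants are mine; the log-line helper is the kind of thing a custom `CSRF_FAILURE_VIEW` could emit so that rejections are visible, since the reporter notes the default error page is not logged.

```python
"""Simplified model of Django 1.6's CsrfViewMiddleware.process_view logic.
Rewritten for illustration; not Django's code. HTTPS referer check omitted."""
import hmac
import re
import secrets

CSRF_COOKIE_NAME = "csrftoken"   # Django's default CSRF_COOKIE_NAME
CSRF_KEY_LENGTH = 32
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")

# Rejection reasons, worded as in Django 1.6's csrf middleware
REASON_NO_CSRF = "CSRF cookie not set."
REASON_BAD_TOKEN = "CSRF token missing or incorrect."


def _new_csrf_key():
    # 32 hex characters: alphanumeric, so it survives _sanitize_token unchanged
    return secrets.token_hex(CSRF_KEY_LENGTH // 2)


def _sanitize_token(token):
    # Over-long or non-alphanumeric cookie values are replaced, never trusted
    if len(token) > CSRF_KEY_LENGTH:
        return _new_csrf_key()
    token = re.sub(r"[^a-zA-Z0-9]+", "", token)
    return token or _new_csrf_key()


def csrf_check(method, cookies, post, meta):
    """Return (accepted, reason). cookies/post/meta are plain dicts standing in
    for request.COOKIES, request.POST and request.META."""
    cookie_token = cookies.get(CSRF_COOKIE_NAME)
    if cookie_token is not None:
        cookie_token = _sanitize_token(cookie_token)
        meta["CSRF_COOKIE"] = cookie_token      # reuse the same token next time
    else:
        meta["CSRF_COOKIE"] = _new_csrf_key()   # fresh token, so get_token() works
    if method in SAFE_METHODS:
        return True, None
    if cookie_token is None:
        # The branch behind the ticket: a form token may be present, but with
        # no cookie there is nothing to compare it against.
        return False, REASON_NO_CSRF
    request_token = post.get("csrfmiddlewaretoken", "") if method == "POST" else ""
    if request_token == "":
        request_token = meta.get("HTTP_X_CSRFTOKEN", "")   # AJAX / PUT fallback
    # Constant-time comparison; encoding avoids TypeError on non-ASCII input
    if not hmac.compare_digest(request_token.encode("utf-8"),
                               cookie_token.encode("utf-8")):
        return False, REASON_BAD_TOKEN
    return True, None


def failure_log_line(reason, method, path, cookies, meta):
    """Log line a CSRF failure view could emit: records whether the cookie
    arrived and which client sent the request, but never token values."""
    return ("csrf rejected: %s method=%s path=%s csrf_cookie_present=%s "
            "cookie_count=%d ua=%r") % (
        reason, method, path, CSRF_COOKIE_NAME in cookies, len(cookies),
        meta.get("HTTP_USER_AGENT", "-"))


# Constructed from the request dump in the ticket: the form carries a token,
# but COOKIES holds no 'csrftoken' entry (other cookie names abbreviated).
TICKET_COOKIES = {
    "HIRO_COOKIE": "data=&newSession=false&id=REDACTED&timestamp=1414023546237",
    "OX_plg": "swf|shk|pm",
    "mlUserID": "9X8L0kMS8ypL",
}
TICKET_POST = {
    "username": "REDACTED",
    "csrfmiddlewaretoken": "Ns42nlyOUgLRUatcjjr0cfpRYwVSDETk",
    "password": "REDACTED",
}
TICKET_META = {
    "CONTENT_TYPE": "application/x-www-form-urlencoded",
    "HTTP_USER_AGENT": "Chrome (constructed placeholder)",
}


def classify_ticket_request():
    return csrf_check("POST", TICKET_COOKIES, TICKET_POST, dict(TICKET_META))


if __name__ == "__main__":
    ok, reason = classify_ticket_request()
    print(failure_log_line(reason, "POST", "/accounts/login/",
                           TICKET_COOKIES, TICKET_META))
```

Run stand-alone, the script classifies the ticket's request as rejected with REASON_NO_CSRF and prints a log line that says `csrf_cookie_present=False`; feeding the same POST with a matching `csrftoken` cookie returns accepted, and a present-but-different cookie returns REASON_BAD_TOKEN, which is the distinction to look for when triaging reports like this one.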
