Did you read https://docs.djangoproject.com/en/stable/ref/csrf/#how-it-works ?
On Thursday, April 28, 2016 at 11:24:40 AM UTC-4, Stefano Tranquillini wrote:
-- On Thursday, April 28, 2016 at 11:24:40 AM UTC-4, Stefano Tranquillini wrote:
Hello,i was running a test on a website i dev with django and the system pointed out that "There are indications that attempts to protect against CSRF is in place. By using two different sessions the same tokens were retrieved. This may indicate a buggy behavior in the protection mechanism." . By checking it out I opened two tabs of the login page and both have the same csfr token. This sounds strange to me, but maybe is not.I've tried to look into the doc or in the group but I can't figure out if it's an intended behaviour or what.When is a csfr generate/updated?thanks.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fee11f31-4de7-492b-a70c-2f5ad4e34e17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment