I've just found the root cause of the problem.
The bug occurs when using ListView (I haven't tested other CBV though) and
decorating it with cache_page and csrf_protect.
I've tested it with a new clean project and left settings.py as a default.
The simple code I used to test is as follows:
*urls.py (excerpt):*
url(r'safe/$', cache_page(1800)(csrf_protect(SafeView.as_view()))),
url(r'bug/$', cache_page(1800)(csrf_protect(BugView.as_view()))),
*views.py:*
from django.template import RequestContext
from django.views.generic import View, ListView
class SafeView(View):
template_name = 'basic/index.html'
def get(self, request):
return render_to_response('basic/index.html', {'msg': 'Hello,
world'}, context_instance=RequestContext(request))
class BugView(ListView):
template_name = 'basic/index.html'
queryset = []
*template (basic/index.html):*
Today message: {{ msg }}<br>{% csrf_token %}
I kept reloading the SafeView page (20+ times) and the bug didn't occur.
You should try reloading the BugView page and the bug will occur within 10
reloading times.
On Monday, May 14, 2012 12:14:21 AM UTC+7, Paul McMillan wrote:
>
> That looks a lot like 15863.
> https://code.djangoproject.com/ticket/15863
>
> Which cache backend are you using? Which session backend? Are you
> absolutely positive you are using Django 1.4, and not a
> system-installed version of 1.3? Does your code pickle or unpickle
> sessions or cookies anywhere outside of the caching framework?
>
> I thought we fixed that bug, but if you can provide minimal steps to
> reproduce it in Django 1.4, we'll have to reopen the ticket.
>
> -Paul
>
> On Sat, May 12, 2012 at 1:13 PM, Suteepat Damrongyingsupab
> <[email protected]> wrote:
> > I'm using Django 1.4.
> > According to the Django csrf docs, I decorate my class-based view in the
> > urls.py as follows:
> >
> > cache_page(1800)(csrf_protect(MyView.as_view()))
> >
> > I kept reloading MyView page url and Set-Cookie header would be
> recursive
> > like this:
> >
> > Set-Cookie: csrftoken="Set-Cookie: csrftoken=\"Set-Cookie:
> > csrftoken=XeRCBpXuNpuRie17OqWrDIM3xKt9hV3Q\\073 expires=Sat\\054
> 11-May-2013
> > 19:50:21 GMT\\073 Max-Age=31449600\\073 Path=/\""
> >
> > I don't know what's a trigger to this behavior.
> > Has anyone found a problem like this? Please help.
> > Thanks.
> >
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Django developers" group.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msg/django-developers/-/Q5Ywwf3O0sIJ.
> > To post to this group, send email to [email protected].
>
> > To unsubscribe from this group, send email to
> > [email protected].
> > For more options, visit this group at
> > http://groups.google.com/group/django-developers?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/django-developers/-/9YkZgDFQTfYJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
