Could you try again to cause bug with SafeView class, but this time using TemplateResponse class instead of render_to_response shortcut?
On Mon, May 14, 2012 at 10:24 AM, Suteepat Damrongyingsupab < [email protected]> wrote: > I've just found the root cause of the problem. > The bug occurs when using ListView (I haven't tested other CBV though) and > decorating it with cache_page and csrf_protect. > I've tested it with a new clean project and left settings.py as a default. > The simple code I used to test is as follows: > > *urls.py (excerpt):* > url(r'safe/$', cache_page(1800)(csrf_protect(SafeView.as_view()))), > url(r'bug/$', cache_page(1800)(csrf_protect(BugView.as_view()))), > > *views.py:* > from django.template import RequestContext > from django.views.generic import View, ListView > > class SafeView(View): > template_name = 'basic/index.html' > > def get(self, request): > return render_to_response('basic/index.html', {'msg': 'Hello, > world'}, context_instance=RequestContext(request)) > > class BugView(ListView): > template_name = 'basic/index.html' > queryset = [] > > *template (basic/index.html):* > Today message: {{ msg }}<br>{% csrf_token %} > > I kept reloading the SafeView page (20+ times) and the bug didn't occur. > You should try reloading the BugView page and the bug will occur within 10 > reloading times. > > > > > On Monday, May 14, 2012 12:14:21 AM UTC+7, Paul McMillan wrote: >> >> That looks a lot like 15863. >> https://code.djangoproject.**com/ticket/15863<https://code.djangoproject.com/ticket/15863> >> >> Which cache backend are you using? Which session backend? Are you >> absolutely positive you are using Django 1.4, and not a >> system-installed version of 1.3? Does your code pickle or unpickle >> sessions or cookies anywhere outside of the caching framework? >> >> I thought we fixed that bug, but if you can provide minimal steps to >> reproduce it in Django 1.4, we'll have to reopen the ticket. >> >> -Paul >> >> On Sat, May 12, 2012 at 1:13 PM, Suteepat Damrongyingsupab >> <[email protected]> wrote: >> > I'm using Django 1.4. >> > According to the Django csrf docs, I decorate my class-based view in >> the >> > urls.py as follows: >> > >> > cache_page(1800)(csrf_protect(**MyView.as_view())) >> > >> > I kept reloading MyView page url and Set-Cookie header would be >> recursive >> > like this: >> > >> > Set-Cookie: csrftoken="Set-Cookie: csrftoken=\"Set-Cookie: >> > csrftoken=**XeRCBpXuNpuRie17OqWrDIM3xKt9hV**3Q\\073 expires=Sat\\054 >> 11-May-2013 >> > 19:50:21 GMT\\073 Max-Age=31449600\\073 Path=/\"" >> > >> > I don't know what's a trigger to this behavior. >> > Has anyone found a problem like this? Please help. >> > Thanks. >> > >> > >> > >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups >> > "Django developers" group. >> > To view this discussion on the web visit >> > https://groups.google.com/d/**msg/django-developers/-/**Q5Ywwf3O0sIJ<https://groups.google.com/d/msg/django-developers/-/Q5Ywwf3O0sIJ>. >> >> > To post to this group, send email to django-developers@** >> googlegroups.com <[email protected]>. >> > To unsubscribe from this group, send email to >> > django-developers+unsubscribe@**googlegroups.com<django-developers%[email protected]>. >> >> > For more options, visit this group at >> > http://groups.google.com/**group/django-developers?hl=en<http://groups.google.com/group/django-developers?hl=en>. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/django-developers/-/9YkZgDFQTfYJ. > > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
