Oh, I see where the bug is. SimpleTemplateResponse.__getstate__ does not call super(). And HttpResponse class serializes cookies in its __getstate__ method. So basically SimpleTemplateResponse doesn't serialize cookies correctly.
On Mon, May 14, 2012 at 1:25 PM, Rafał Stożek <[email protected]> wrote: > Could you try again to cause bug with SafeView class, but this time using > TemplateResponse class instead of render_to_response shortcut? > > > On Mon, May 14, 2012 at 10:24 AM, Suteepat Damrongyingsupab < > [email protected]> wrote: > >> I've just found the root cause of the problem. >> The bug occurs when using ListView (I haven't tested other CBV though) >> and decorating it with cache_page and csrf_protect. >> I've tested it with a new clean project and left settings.py as a default. >> The simple code I used to test is as follows: >> >> *urls.py (excerpt):* >> url(r'safe/$', cache_page(1800)(csrf_protect(SafeView.as_view()))), >> url(r'bug/$', cache_page(1800)(csrf_protect(BugView.as_view()))), >> >> *views.py:* >> from django.template import RequestContext >> from django.views.generic import View, ListView >> >> class SafeView(View): >> template_name = 'basic/index.html' >> >> def get(self, request): >> return render_to_response('basic/index.html', {'msg': 'Hello, >> world'}, context_instance=RequestContext(request)) >> >> class BugView(ListView): >> template_name = 'basic/index.html' >> queryset = [] >> >> *template (basic/index.html):* >> Today message: {{ msg }}<br>{% csrf_token %} >> >> I kept reloading the SafeView page (20+ times) and the bug didn't occur. >> You should try reloading the BugView page and the bug will occur within >> 10 reloading times. >> >> >> >> >> On Monday, May 14, 2012 12:14:21 AM UTC+7, Paul McMillan wrote: >>> >>> That looks a lot like 15863. >>> https://code.djangoproject.**com/ticket/15863<https://code.djangoproject.com/ticket/15863> >>> >>> Which cache backend are you using? Which session backend? Are you >>> absolutely positive you are using Django 1.4, and not a >>> system-installed version of 1.3? Does your code pickle or unpickle >>> sessions or cookies anywhere outside of the caching framework? >>> >>> I thought we fixed that bug, but if you can provide minimal steps to >>> reproduce it in Django 1.4, we'll have to reopen the ticket. >>> >>> -Paul >>> >>> On Sat, May 12, 2012 at 1:13 PM, Suteepat Damrongyingsupab >>> <[email protected]> wrote: >>> > I'm using Django 1.4. >>> > According to the Django csrf docs, I decorate my class-based view in >>> the >>> > urls.py as follows: >>> > >>> > cache_page(1800)(csrf_protect(**MyView.as_view())) >>> > >>> > I kept reloading MyView page url and Set-Cookie header would be >>> recursive >>> > like this: >>> > >>> > Set-Cookie: csrftoken="Set-Cookie: csrftoken=\"Set-Cookie: >>> > csrftoken=**XeRCBpXuNpuRie17OqWrDIM3xKt9hV**3Q\\073 expires=Sat\\054 >>> 11-May-2013 >>> > 19:50:21 GMT\\073 Max-Age=31449600\\073 Path=/\"" >>> > >>> > I don't know what's a trigger to this behavior. >>> > Has anyone found a problem like this? Please help. >>> > Thanks. >>> > >>> > >>> > >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Django developers" group. >>> > To view this discussion on the web visit >>> > https://groups.google.com/d/**msg/django-developers/-/**Q5Ywwf3O0sIJ<https://groups.google.com/d/msg/django-developers/-/Q5Ywwf3O0sIJ>. >>> >>> > To post to this group, send email to django-developers@** >>> googlegroups.com <[email protected]>. >>> > To unsubscribe from this group, send email to >>> > django-developers+unsubscribe@**googlegroups.com<django-developers%[email protected]>. >>> >>> > For more options, visit this group at >>> > http://groups.google.com/**group/django-developers?hl=en<http://groups.google.com/group/django-developers?hl=en>. >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/django-developers/-/9YkZgDFQTfYJ. >> >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/django-developers?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
