No. please open a new bug detailing this issue. -Paul
On Tue, May 15, 2012 at 6:53 AM, Rafał Stożek <[email protected]> wrote: > Should we reopen https://code.djangoproject.com/ticket/15863 then? > > > On Mon, May 14, 2012 at 4:39 PM, Suteepat Damrongyingsupab > <[email protected]> wrote: >> >> Hi all, >> Thanks for your help to investigate the issue. I didn't have a chance to >> look further into it. >> So every class-based views that subclass from TemplateResponseMixin are >> affected by this bug because it uses TemplateResponse as its response_class. >> >> >> >> On Monday, May 14, 2012 7:28:50 PM UTC+7, Rafał Stożek wrote: >>> >>> Oh, I see where the bug is. SimpleTemplateResponse.__getstate__ does not >>> call super(). And HttpResponse class serializes cookies in its __getstate__ >>> method. So basically SimpleTemplateResponse doesn't serialize cookies >>> correctly. >>> >>> On Mon, May 14, 2012 at 1:25 PM, Rafał Stożek <[email protected]> wrote: >>>> >>>> Could you try again to cause bug with SafeView class, but this time >>>> using TemplateResponse class instead of render_to_response shortcut? >>>> >>>> >>>> On Mon, May 14, 2012 at 10:24 AM, Suteepat Damrongyingsupab >>>> <[email protected]> wrote: >>>>> >>>>> I've just found the root cause of the problem. >>>>> The bug occurs when using ListView (I haven't tested other CBV though) >>>>> and decorating it with cache_page and csrf_protect. >>>>> I've tested it with a new clean project and left settings.py as a >>>>> default. >>>>> The simple code I used to test is as follows: >>>>> >>>>> urls.py (excerpt): >>>>> url(r'safe/$', cache_page(1800)(csrf_protect(SafeView.as_view()))), >>>>> url(r'bug/$', cache_page(1800)(csrf_protect(BugView.as_view()))), >>>>> >>>>> views.py: >>>>> from django.template import RequestContext >>>>> from django.views.generic import View, ListView >>>>> >>>>> class SafeView(View): >>>>> template_name = 'basic/index.html' >>>>> >>>>> def get(self, request): >>>>> return render_to_response('basic/index.html', {'msg': 'Hello, >>>>> world'}, context_instance=RequestContext(request)) >>>>> >>>>> class BugView(ListView): >>>>> template_name = 'basic/index.html' >>>>> queryset = [] >>>>> >>>>> template (basic/index.html): >>>>> Today message: {{ msg }}<br>{% csrf_token %} >>>>> >>>>> I kept reloading the SafeView page (20+ times) and the bug didn't >>>>> occur. >>>>> You should try reloading the BugView page and the bug will occur within >>>>> 10 reloading times. >>>>> >>>>> >>>>> >>>>> >>>>> On Monday, May 14, 2012 12:14:21 AM UTC+7, Paul McMillan wrote: >>>>>> >>>>>> That looks a lot like 15863. >>>>>> https://code.djangoproject.com/ticket/15863 >>>>>> >>>>>> Which cache backend are you using? Which session backend? Are you >>>>>> absolutely positive you are using Django 1.4, and not a >>>>>> system-installed version of 1.3? Does your code pickle or unpickle >>>>>> sessions or cookies anywhere outside of the caching framework? >>>>>> >>>>>> I thought we fixed that bug, but if you can provide minimal steps to >>>>>> reproduce it in Django 1.4, we'll have to reopen the ticket. >>>>>> >>>>>> -Paul >>>>>> >>>>>> On Sat, May 12, 2012 at 1:13 PM, Suteepat Damrongyingsupab >>>>>> <[email protected]> wrote: >>>>>> > I'm using Django 1.4. >>>>>> > According to the Django csrf docs, I decorate my class-based view in >>>>>> > the >>>>>> > urls.py as follows: >>>>>> > >>>>>> > cache_page(1800)(csrf_protect(MyView.as_view())) >>>>>> > >>>>>> > I kept reloading MyView page url and Set-Cookie header would be >>>>>> > recursive >>>>>> > like this: >>>>>> > >>>>>> > Set-Cookie: csrftoken="Set-Cookie: csrftoken=\"Set-Cookie: >>>>>> > csrftoken=XeRCBpXuNpuRie17OqWrDIM3xKt9hV3Q\\073 expires=Sat\\054 >>>>>> > 11-May-2013 >>>>>> > 19:50:21 GMT\\073 Max-Age=31449600\\073 Path=/\"" >>>>>> > >>>>>> > I don't know what's a trigger to this behavior. >>>>>> > Has anyone found a problem like this? Please help. >>>>>> > Thanks. >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > -- >>>>>> > You received this message because you are subscribed to the Google >>>>>> > Groups >>>>>> > "Django developers" group. >>>>>> > To view this discussion on the web visit >>>>>> > https://groups.google.com/d/msg/django-developers/-/Q5Ywwf3O0sIJ. >>>>>> > To post to this group, send email to >>>>>> > [email protected]. >>>>>> > To unsubscribe from this group, send email to >>>>>> > [email protected]. >>>>>> > For more options, visit this group at >>>>>> > http://groups.google.com/group/django-developers?hl=en. >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Django developers" group. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msg/django-developers/-/9YkZgDFQTfYJ. >>>>> >>>>> To post to this group, send email to >>>>> [email protected]. >>>>> To unsubscribe from this group, send email to >>>>> [email protected]. >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/django-developers?hl=en. >>>> >>>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers" group. >> To view this discussion on the web visit >> https://groups.google.com/d/msg/django-developers/-/qRbbo0qIWv4J. >> >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/django-developers?hl=en. > > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
