On 21 June 2011 16:48, Ivan Uemlianin <ivan.llai...@gmail.com> wrote: > With tsung you record a site visit (called a session) --- log in, view > various pages, do a few things, log out --- and tsung will then hit > the site with lots of randomised versions of this session. >
> Many of the views are csrf protected, and the automated requests tsung > generates don't get through the protection. For the moment I'm just > commenting out the csrf middleware in settings.py, but this is > obviously inconvenient. > I think you'll need to do some work with dyn_variable to pull the csrf token out of the original form and re-inject it into the post you send back. As far as I understand it, all that the csrf protection is is an opaque value hidden in any form that needs to be present in the submitted version to be valid. That stops "loose" posts from CSRF attacks working as they don't know the magic key. Malcolm -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
