So the app is issuing a GET (not POST) via ajax on the same domain as the sessionid cookie, and the view is returning a 403 because the user is not logged in?
If the app is in the same domain as the cookie, the the ajax request will include the cookie, even if it's a http-only (non-javascript) cookie. If you print request.COOKIES in the view, does it really not have sessionid? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d0467cbc-e461-438d-9762-4be7cd2bb0bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
