Hello,

You could try setting a new CSRF token using JavaScript every time a form is submitted. Something like:

    // Change this selector so it doesn't apply to forms with off-site actions.
    $(document).on('submit', 'form[method=post]', function(){
      for(var c = ''; c.length < 32;) c += Math.random().toString(36).substr(2, 1)
      // You could set the expiration time very short here, since you only need it for this request.
      document.cookie = 'csrftoken=' + c + '; path=/'
      if(!this.csrfmiddlewaretoken) $(this).append('<input type="hidden" name="csrfmiddlewaretoken">')
      $(this.csrfmiddlewaretoken).val(c)
    })

It should work correctly for multiple tabs, and unlike the Django login form, even survive the back button.

Collin

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/70f21bdf-f916-4e7f-85fd-1ea427dd7487%40googlegroups.com.
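
A hardened variant of the per-submit token snippet in the message above, as an added example that is not part of the original post: it draws the token from the Web Crypto CSPRNG instead of Math.random(), gives the cookie the short lifetime the code comment suggests, and skips forms whose action is off-site. The helper names, the 60-second max-age and the samesite/secure attributes are assumptions, and it uses plain DOM calls rather than jQuery.

```javascript
// Added example (not from the original message); helper names are hypothetical.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789'; // same set as toString(36)

// Draw `length` characters uniformly from ALPHABET using a CSPRNG.
// Bytes >= 252 (largest multiple of 36 that fits in a byte) are rejected
// so that `byte % 36` has no modulo bias.
function randomToken(length) {
  const limit = 256 - (256 % ALPHABET.length);
  let out = '';
  while (out.length < length) {
    for (const b of webcrypto.getRandomValues(new Uint8Array(length))) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}

// Cookie string for document.cookie. max-age keeps it short-lived;
// the 60 s default and samesite/secure are assumed hardening choices.
function csrfCookie(token, { maxAge = 60, secure = true } = {}) {
  if (!/^[a-z0-9]+$/.test(token)) throw new Error('unexpected token characters');
  return 'csrftoken=' + token + '; path=/; max-age=' + maxAge +
         '; samesite=lax' + (secure ? '; secure' : '');
}

// True when the form's action resolves to the page's own origin.
function isSameOrigin(action, pageUrl) {
  return new URL(action, pageUrl).origin === new URL(pageUrl).origin;
}

// Browser wiring; skipped when no DOM is present (e.g. under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('submit', function (ev) {
    const form = ev.target;
    if (form.method !== 'post' || !isSameOrigin(form.action, location.href)) return;
    const token = randomToken(32);
    document.cookie = csrfCookie(token, { secure: location.protocol === 'https:' });
    let field = form.elements.namedItem('csrfmiddlewaretoken');
    if (!field) {
      field = document.createElement('input');
      field.type = 'hidden';
      field.name = 'csrfmiddlewaretoken';
      form.appendChild(field);
    }
    field.value = token;
  });
}
```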