Opened 13 years ago
Closed 13 years ago
#16768 closed Bug (invalid)
Wrong cookie set by CSRF middleware
Reported by: | | Owned by: | nobody |
---|---|---|---|
Component: | CSRF | Version: | 1.3 |
Severity: | Normal | Keywords: | |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Trying to set up JMeter for scalability testing, I found the following bug in the CSRF middleware.
After a few normal responses like this:
172.29.4.168 - - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=0c85747298965a0fb54310eafa4da475" "-" "Java/1.7.0"
Django returns this strange CSRF cookie:
172.29.4.168 - - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 "csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 expires=Th u\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 Path=/" "-" "Java/1.7.0"
That looks like the issue (that isn't going to be fixed) where cookie objects can't be stored in pickles (and thus can't be stored in the various caching backends). Your application is probably caching or storing the cookie somewhere (or may be configured to cache pages which contain cookies, which is a definite bad thing). I'm closing as invalid, but feel free to comment or re-open if you've got clear steps to reproduce the problem and you think it's a Django issue and not something your application is doing.
Edit:
There's more info in #15863
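
A log check for the symptom reported in this ticket, added here as an example (it is not Django's code or the reporter's): it pulls the `csrftoken` value out of each access-log line, undoes the escaping (`\x5C` is a backslash, so `\x5C073` is the octal escape `\073`, a semicolon, and `\x5C054` is a comma), and flags values that are a whole `Set-Cookie` header instead of a token. Assumptions: the field layout of the two log lines quoted above, and that a well-formed token is 32 hex characters as in the first of them; all function names are hypothetical.

```python
import re

# The two access-log lines quoted in the ticket, copied as they appear there.
SAMPLE_LOG = [
    r'172.29.4.168 - - [08/Sep/2011:13:11:38 +0200] "GET / HTTP/1.0" 200 12003 '
    r'"csrftoken=0c85747298965a0fb54310eafa4da475" "-" "Java/1.7.0"',
    r'172.29.4.168 - - [08/Sep/2011:13:31:46 +0200] "GET / HTTP/1.0" 200 12003 '
    r'"csrftoken=Set-Cookie: csrftoken=ab04081d4bd93d21c1a2c56599b30a04\x5C073 '
    r'expires=Th u\x5C054 06-Sep-2012 11:31:00 GMT\x5C073 Max-Age=31449600\x5C073 '
    r'Path=/" "-" "Java/1.7.0"',
]

# Assumed layout: "request" status bytes "cookie field" ...
LINE_RE = re.compile(r'"[A-Z]+ [^"]*" \d{3} \d+ "(?P<cookie>[^"]*)"')
TOKEN_RE = re.compile(r'[0-9a-f]{32}')  # assumed shape of a well-formed token

def unescape(raw):
    """Undo the log's \\xHH escapes, then the resulting \\OOO octal escapes."""
    raw = re.sub(r'\\x([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), raw)
    return re.sub(r'\\([0-3][0-7]{2})', lambda m: chr(int(m.group(1), 8)), raw)

def csrftoken_values(line):
    """Return every csrftoken value in the line's cookie field, unescaped."""
    m = LINE_RE.search(line)
    if not m:
        return []
    values = []
    # Split on literal ';' before unescaping: separators inside a leaked header
    # are still escaped at this point, so they do not split the value.
    for part in m.group('cookie').split(';'):
        name, _, raw = part.strip().partition('=')
        if name == 'csrftoken':
            values.append(unescape(raw))
    return values

def classify(value):
    if TOKEN_RE.fullmatch(value):
        return 'ok'
    if value.startswith('Set-Cookie:'):
        return 'serialized-header'  # a whole header line stored as the value
    return 'malformed'

def scan(lines):
    """Return (line_number, verdict, value) for every suspicious csrftoken."""
    return [(n, classify(v), v)
            for n, line in enumerate(lines, 1)
            for v in csrftoken_values(line)
            if classify(v) != 'ok']
```

Calling `scan(SAMPLE_LOG)` flags only the second line; the timestamp of the first flagged request is a starting point for finding which cached or stored response carried the cookie.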