Opened 6 years ago
Closed 6 years ago
#29728 closed Cleanup/optimization (fixed)
CSRF_USE_SESSIONS leads to session save on every request using csrf
| Reported by: | Michal Čihař | Owned by: | nobody |
|---|---|---|---|
| Component: | CSRF | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The way CSRF saving in the session is currently implemented leads to updating session with every request which uses csrf tokens. Having many CSRF protected forms on the site leads to session update with almost every request. IMHO this is not really needed and it should update the session only if needed.
Change History (4)
comment:1 by , 6 years ago
| Has patch: | set |
|---|---|
| Needs tests: | set |
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 6 years ago
| Needs tests: | unset |
|---|
comment:3 by , 6 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
Patch should be RFC once the minor changes are addressed. Maybe it's something worth mentioning in the release notes?