No, I haven't configured two session factories; one of them is
commented out so that I can test either.
If I use LegacySessionCSRFStoragePolicy, get_csrf_token(request) and
request.session.get_csrf_token() do return the same value. A look at
the source code shows they are implemented in the same
They are effectively the same.
https://docs.pylonsproject.org/projects/pyramid/en/latest/_modules/pyramid/csrf.html#LegacySessionCSRFStoragePolicy.get_csrf_token
In your code, you have configured two session factories. I assume you get the
CSRF unique to each factory. ¯\_(ツ)_/¯
--steve
On
So, if I follow this line of reasoning, the way to get the same value
as in the template is to use:

    from pyramid.csrf import get_csrf_token
    print get_csrf_token(request)

and *not*:

    print request.session.get_csrf_token()
On Sun, 2 May 2021 at 19:11, Laurent Daverio wrote:
>
> OK, I've been
OK, I've been able to nail it down on a simple example: depending on
the CSRF storage policy I use, "request.session.get_csrf_token()"
(called from python or a template) and "get_csrf_token()" (called from
a template) return the same value *or not*.
- no storage policy => ok
-
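
Added example, not part of the original thread and not Pyramid's own code: a stdlib-only Python model of why a token read from request.session matches the one validation uses only when the configured storage policy delegates to the session. All class and function names are hypothetical stand-ins; only the delegation pattern is taken from the thread.

```python
# Stdlib-only model of the CSRF-token dispatch; names are hypothetical stand-ins.
import hmac
import secrets


class ModelSession(dict):
    """Stand-in for a session that manages its own CSRF token."""
    def get_csrf_token(self):
        if "token" not in self:
            self["token"] = secrets.token_hex(20)
        return self["token"]


class ModelRequest:
    def __init__(self, policy):
        self.policy = policy          # the storage policy the app configured
        self.session = ModelSession()
        self.cookies = {}


class LegacyPolicyModel:
    """Delegates to the session, as the thread says the legacy policy does."""
    def get_csrf_token(self, request):
        return request.session.get_csrf_token()


class CookiePolicyModel:
    """Keeps the token in its own cookie and never consults the session."""
    def get_csrf_token(self, request):
        if "csrf_token" not in request.cookies:
            request.cookies["csrf_token"] = secrets.token_hex(20)
        return request.cookies["csrf_token"]


def get_csrf_token_model(request):
    # Models get_csrf_token(request): always ask the configured policy.
    return request.policy.get_csrf_token(request)


def check_model(request, supplied):
    # Validation compares against the policy's token, in constant time.
    expected = get_csrf_token_model(request)
    return hmac.compare_digest(expected.encode(), supplied.encode())


def session_token_is_accepted(policy):
    """True if a token read from request.session passes validation."""
    request = ModelRequest(policy)
    return check_model(request, request.session.get_csrf_token())
```

In this model, a form filled from the session's token validates under the delegating policy and is rejected under the cookie-backed one, so forms should embed the token from the same call that validation uses.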