Should we reopen https://code.djangoproject.com/ticket/15863 then?
On Mon, May 14, 2012 at 4:39 PM, Suteepat Damrongyingsupab <
tianiss...@gmail.com> wrote:
> Hi all,
> Thanks for your help to investigate the issue. I didn't have a chance to
> look further into it.
> So every class-based views that subclass from TemplateResponseMixin are
> affected by this bug because it uses TemplateResponse as its response_class.
>
>
>
> On Monday, May 14, 2012 7:28:50 PM UTC+7, Rafał Stożek wrote:
>>
>> Oh, I see where the bug is. SimpleTemplateResponse.__**getstate__ does
>> not call super(). And HttpResponse class serializes cookies in its
>> __getstate__ method. So basically SimpleTemplateResponse doesn't serialize
>> cookies correctly.
>>
>> On Mon, May 14, 2012 at 1:25 PM, Rafał Stożek <say...@gmail.com> wrote:
>>
>>> Could you try again to cause bug with SafeView class, but this time
>>> using TemplateResponse class instead of render_to_response shortcut?
>>>
>>>
>>> On Mon, May 14, 2012 at 10:24 AM, Suteepat Damrongyingsupab <
>>> tianiss...@gmail.com> wrote:
>>>
>>>> I've just found the root cause of the problem.
>>>> The bug occurs when using ListView (I haven't tested other CBV though)
>>>> and decorating it with cache_page and csrf_protect.
>>>> I've tested it with a new clean project and left settings.py as a
>>>> default.
>>>> The simple code I used to test is as follows:
>>>>
>>>> *urls.py (excerpt):*
>>>> url(r'safe/$', cache_page(1800)(csrf_protect(**
>>>> SafeView.as_view()))),
>>>> url(r'bug/$', cache_page(1800)(csrf_protect(**BugView.as_view()))),
>>>>
>>>> *views.py:*
>>>> from django.template import RequestContext
>>>> from django.views.generic import View, ListView
>>>>
>>>> class SafeView(View):
>>>> template_name = 'basic/index.html'
>>>>
>>>> def get(self, request):
>>>> return render_to_response('basic/**index.html', {'msg':
>>>> 'Hello, world'}, context_instance=**RequestContext(request))
>>>>
>>>> class BugView(ListView):
>>>> template_name = 'basic/index.html'
>>>> queryset = []
>>>>
>>>> *template (basic/index.html):*
>>>> Today message: {{ msg }}<br>{% csrf_token %}
>>>>
>>>> I kept reloading the SafeView page (20+ times) and the bug didn't occur.
>>>> You should try reloading the BugView page and the bug will occur within
>>>> 10 reloading times.
>>>>
>>>>
>>>>
>>>>
>>>> On Monday, May 14, 2012 12:14:21 AM UTC+7, Paul McMillan wrote:
>>>>>
>>>>> That looks a lot like 15863.
>>>>> https://code.djangoproject.**com**/ticket/15863<https://code.djangoproject.com/ticket/15863>
>>>>>
>>>>> Which cache backend are you using? Which session backend? Are you
>>>>> absolutely positive you are using Django 1.4, and not a
>>>>> system-installed version of 1.3? Does your code pickle or unpickle
>>>>> sessions or cookies anywhere outside of the caching framework?
>>>>>
>>>>> I thought we fixed that bug, but if you can provide minimal steps to
>>>>> reproduce it in Django 1.4, we'll have to reopen the ticket.
>>>>>
>>>>> -Paul
>>>>>
>>>>> On Sat, May 12, 2012 at 1:13 PM, Suteepat Damrongyingsupab
>>>>> <tianiss...@gmail.com> wrote:
>>>>> > I'm using Django 1.4.
>>>>> > According to the Django csrf docs, I decorate my class-based view in
>>>>> the
>>>>> > urls.py as follows:
>>>>> >
>>>>> > cache_page(1800)(csrf_protect(****MyView.as_view()))
>>>>> >
>>>>> > I kept reloading MyView page url and Set-Cookie header would be
>>>>> recursive
>>>>> > like this:
>>>>> >
>>>>> > Set-Cookie: csrftoken="Set-Cookie: csrftoken=\"Set-Cookie:
>>>>> > csrftoken=**XeRCBpXuNpuRie17OqWr**DIM3xKt9hV**3Q\\073
>>>>> expires=Sat\\054 11-May-2013
>>>>> > 19:50:21 GMT\\073 Max-Age=31449600\\073 Path=/\""
>>>>> >
>>>>> > I don't know what's a trigger to this behavior.
>>>>> > Has anyone found a problem like this? Please help.
>>>>> > Thanks.
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> > --
>>>>> > You received this message because you are subscribed to the Google
>>>>> Groups
>>>>> > "Django developers" group.
>>>>> > To view this discussion on the web visit
>>>>> > https://groups.google.com/d/**ms**g/django-developers/-/**Q5Ywwf3O**
>>>>> 0sIJ<https://groups.google.com/d/msg/django-developers/-/Q5Ywwf3O0sIJ>.
>>>>>
>>>>> > To post to this group, send email to django-developers@**
>>>>> googlegroups**.com <django-developers@googlegroups.com>.
>>>>> > To unsubscribe from this group, send email to
>>>>> > django-developers+unsubscribe@****googlegroups.com<django-developers%2bunsubscr...@googlegroups.com>.
>>>>>
>>>>> > For more options, visit this group at
>>>>> > http://groups.google.com/**group**/django-developers?hl=en<http://groups.google.com/group/django-developers?hl=en>.
>>>>>
>>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Django developers" group.
>>>> To view this discussion on the web visit https://groups.google.com/d/**
>>>> msg/django-developers/-/**9YkZgDFQTfYJ<https://groups.google.com/d/msg/django-developers/-/9YkZgDFQTfYJ>
>>>> .
>>>>
>>>> To post to this group, send email to django-developers@**
>>>> googlegroups.com <django-developers@googlegroups.com>.
>>>> To unsubscribe from this group, send email to
>>>> django-developers+unsubscribe@**googlegroups.com<django-developers%2bunsubscr...@googlegroups.com>
>>>> .
>>>> For more options, visit this group at http://groups.google.com/**
>>>> group/django-developers?hl=en<http://groups.google.com/group/django-developers?hl=en>
>>>> .
>>>>
>>>
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/django-developers/-/qRbbo0qIWv4J.
>
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
