Author: lukeplant
Date: 2008-12-03 07:23:23 -0600 (Wed, 03 Dec 2008)
New Revision: 9561
Modified:
django/trunk/django/contrib/csrf/middleware.py
Log:
Added some explanatory comments in CsrfMiddleware
Modified: django/trunk/django/contrib/csrf/middleware.py
===================================================================
--- django/trunk/django/contrib/csrf/middleware.py 2008-12-03 05:53:57 UTC
(rev 9560)
+++ django/trunk/django/contrib/csrf/middleware.py 2008-12-03 13:23:23 UTC
(rev 9561)
@@ -67,11 +67,16 @@
def process_response(self, request, response):
csrf_token = None
try:
+ # This covers a corner case in which the outgoing request
+ # both contains a form and sets a session cookie. This
+ # really should not be needed, since it is best if views
+ # that create a new session (login pages) also do a
+ # redirect, as is done by all such view functions in
+ # Django.
cookie = response.cookies[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(cookie.value)
except KeyError:
- # No outgoing cookie to set session, but
- # a session might already exist.
+ # Normal case - look for existing session cookie
try:
session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(session_id)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
