Hi,
I found this thread today as I have come across the same problem.
I did find a solution that seems to work OK and I'd like to post
it and get some feedback.
I've built a standard user log in pretty much exactly the same
as in the django docs.
I now want to create a 2nd log in method that uses Dajax.
> At the point the first AJAX request is sent, the user doesn't have a valid CSRF
> token yet, since the user hasn't visited a Django page yet. That's why a GET
> may be preferable here.
This is the problem. If a user lands on the home page he has
not yet received any csrf token cookie.
In my basic app the csrf token is only issued once the user gets
to the 2nd page which is the login form. The csrf token
is a hidden form field in the login form.
So in effect if the user wants to login from the home page via dajax
which is their landing page the csrf token needs to be issued
on the very 1st page request.
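
    from django.middleware.csrf import get_token
    from django.shortcuts import render_to_response
    from django.template import RequestContext


    def index(request):
        """ A function to render the home page
        """
        # Any page that is not login required but that can
        # send a dajax request needs to have a csrf cookie sent to it.
        # Calling get_token() marks the token as used, so the CSRF
        # middleware sets the cookie on this response.
        get_token(request)
        # Return rendered HTML
        return render_to_response('index.html',
                                  context_instance=RequestContext(request))
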
Now the user is sent the csrf token via cookie with their 1st page
request they land on (home page) and can now use dajax to login right away.
Dajax uses post so the csrf id is sent in with the headers.
Seems to work OK for me.
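The client-side half of the approach in the message above, as an added example that is not part of the original post and is not Dajax's own code: it reads the CSRF cookie and attaches it as a header only to unsafe, same-origin requests, and fails loudly when the landing page never issued the cookie. `csrftoken` and `X-CSRFToken` are Django's default cookie and header names; the URL, origin and cookie strings are constructed sample values.

```javascript
// Read one cookie value out of a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf("=");
    // Exact name match, so "xcsrftoken" is not mistaken for "csrftoken".
    if (eq > 0 && trimmed.slice(0, eq) === name) {
      return decodeURIComponent(trimmed.slice(eq + 1));
    }
  }
  return null;
}

// Methods that Django's CSRF middleware does not check.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True when url resolves to the page's own origin (relative URLs do).
function sameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  } catch (e) {
    return false;
  }
}

// Headers to add to an AJAX request. Throws when an unsafe same-origin
// request is attempted before the server has issued the CSRF cookie.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  if (csrfSafeMethod(method) || !sameOrigin(url, pageOrigin)) {
    return {}; // never send the token on safe or cross-origin requests
  }
  const token = getCookie(cookieString, "csrftoken");
  if (token === null) {
    throw new Error("no csrftoken cookie: the page view did not issue one");
  }
  return { "X-CSRFToken": token };
}

// Constructed sample: cookies as seen after the home page issued a token.
const SAMPLE_COOKIES = "sessionid=abc; csrftoken=TESTTOKEN123";
console.log(csrfHeaders("POST", "/dajax/login/", "https://example.test", SAMPLE_COOKIES));
```

In a browser, `cookieString` would be `document.cookie` and `pageOrigin` would be `window.location.origin`.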