Dear Malcolm
Thanks, this is a good clue. I'll try it out tomorrow and report back.
Best wishes
Ivan
On 21/06/11 17:54, Malcolm Box wrote:
On 21 June 2011 16:48, Ivan Uemlianin<ivan.llai...@gmail.com> wrote:
With tsung you record a site visit (called a session) --- log in, view
various pages, do a few things, log out --- and tsung will then hit
the site with lots of randomised versions of this session.
Many of the views are csrf protected, and the automated requests tsung
generates don't get through the protection. For the moment I'm just
commenting out the csrf middleware in settings.py, but this is
obviously inconvenient.
I think you'll need to do some work with dyn_variable to pull the csrf
token out of the original form and re-inject it into the post you send
back. As far as I understand it, all that the csrf protection is is an
opaque value hidden in any form that needs to be present in the
submitted version to be valid. That stops "loose" posts from CSRF
attacks working as they don't know the magic key.
Malcolm
--
============================================================
Ivan A. Uemlianin
Speech Technology Research and Development
i...@llaisdy.com
www.llaisdy.com
llaisdy.wordpress.com
www.linkedin.com/in/ivanuemlianin
"Froh, froh! Wie seine Sonnen, seine Sonnen fliegen"
(Schiller, Beethoven)
============================================================
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
