Hello,
You could try setting a new CSRF token using javascript every time a form
is submitted. Something like:
// Change this selector so it doesn't apply to forms with off-site actions.
$(document).on('submit', 'form[method=post]', function(){
for(var c = ''; c.length < 32;) c += Math.random().toString(36).substr(2,
1)
// You could set the expiration time very short here, since you only need
it for this request.
document.cookie = 'csrftoken=' + c + '; path=/'
if(!this.csrfmiddlewaretoken) $(this).append('<input type="hidden"
name="csrfmiddlewaretoken">')
$(this.csrfmiddlewaretoken).val(c)
})
It should work correctly for multiple tabs, and unlike the django login
form, even survive the back button.
Collin
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/70f21bdf-f916-4e7f-85fd-1ea427dd7487%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
