Did you read https://docs.djangoproject.com/en/stable/ref/csrf/#how-it-works ?
On Thursday, April 28, 2016 at 11:24:40 AM UTC-4, Stefano Tranquillini wrote: > > Hello, > i was running a test on a website i dev with django and the system pointed > out that "There are indications that attempts to protect against CSRF is in > place. By using two different sessions the same tokens were retrieved. This > may indicate a buggy behavior in the protection mechanism." . By checking > it out I opened two tabs of the login page and both have the same csfr > token. This sounds strange to me, but maybe is not. > I've tried to look into the doc or in the group but I can't figure out if > it's an intended behaviour or what. > > When is a csfr generate/updated? > > thanks. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fee11f31-4de7-492b-a70c-2f5ad4e34e17%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
