#24280: CSRF cookie error only happening with Chrome.
---------------------------------+--------------------------------------
     Reporter:  jkapple          |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  CSRF             |                  Version:  1.6
     Severity:  Release blocker  |               Resolution:
     Keywords:  CSRF, chrome     |             Triage Stage:  Unreviewed
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+--------------------------------------

Comment (by subsume):

 I was able to verify that the csrftoken in the form and the csrf cookie
 are both present and match before failure.

 I had the user delete the csrf cookie and retry and it issued a new one
 which failed.

 I was also able to take over a user's session normally by taking their
 cookie value and replacing my own locally with it. While their environment
 still failed, mine was able to use the site normally. (While they can
 maintain their session while the problem is happening, they can't submit
 csrf forms.)

--
Ticket URL: <https://code.djangoproject.com/ticket/24280#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
