#24280: CSRF cookie error only happening with Chrome.
---------------------------------+--------------------------------------
     Reporter:  jkapple          |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  CSRF             |                  Version:  1.6
     Severity:  Release blocker  |               Resolution:
     Keywords:  CSRF, chrome     |             Triage Stage:  Unreviewed
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+--------------------------------------

Comment (by subsume):

 I was able to verify that the csrftoken in the form and the csrf cookie
 are both present and match before failure. I had the user delete the csrf
 cookie and retry, and it issued a new one, which failed.

 I was also able to take over a user's session normally by taking their
 cookie value and replacing my own locally with it. While their environment
 still failed, mine was able to use the site normally. (While they can
 maintain their session while the problem is happening, they can't submit
 csrf forms.)

--
Ticket URL: <https://code.djangoproject.com/ticket/24280#comment:7>