Eugene Mirotin wrote:
> Maybe the order of middleware classes does matter here?
>
> On Jul 19, 4:08 pm, Ronghui Yu <stone...@gmail.com> wrote:
>
>> It proves that it is introduced by
>> django.middleware.http.ConditionalGetMiddleware. It returns 304 when
>> requesting the same login page, so at last the browser uses the former one.
>> It works fine after removing this middleware.
>> I believe this middleware cannot work with never_cache.
>>
>> Eugene Mirotin wrote:
>>
>>> Isn't adding a timestamp to the URL a workaround?
>>> I mean making all links to /login/ look like /login/?_=timestamp
>>> This can be easily done on the client side with some JS library, or,
>>> on the server side.
>>>
>>> Not nice, but it should help, I guess.
>>>
>>> On Jul 17, 5:24 pm, Ronghui Yu <stone...@gmail.com> wrote:
>>>
>>>> Hi, All,
>>>>
>>>> I have a project that has CsrfMiddleware enabled, all forms work fine,
>>>> but the login form doesn't, for all browsers (IE, Chrome, Firefox, Safari).
>>>> Most of the time, it throws 403, which is thrown by CsrfMiddleware.
>>>> That's because the browser caches the login page, so each time the login
>>>> page is opened, the csrfmiddlewaretoken value doesn't get updated. If the
>>>> browser cache is cleaned before opening the login page, then it works
>>>> fine. But this is not what I expect.
>>>>
>>>> When I look into django.contrib.auth.views, the login view is decorated by
>>>> never_cache, but actually it doesn't work for me. I have no idea what's
>>>> wrong with it. Has anybody ever encountered this situation? Or could
>>>> anybody give me some hints?
>>>>
>>>> Thanks in advance.
>>>>
>>>> --
>>>> Ronghui Yu <mailto:stone...@163.com>
>>
>> --
>> Ronghui Yu <mailto:stone...@163.com>

I had tried to reorder the middlewares, but it didn't work either. Here is the comment of ConditionalGetMiddleware:

    Handles conditional GET operations. If the response has a ETag or
    Last-Modified header, and the request has If-None-Match or
    If-Modified-Since, the response is replaced by an HttpNotModified.

    Also sets the Date and Content-Length response-headers.

I think the login page falls into this scope even though it is decorated by never_cache.

--
Ronghui Yu <mailto:stone...@163.com>

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
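
The rule in the docstring quoted above, modelled in plain Python as an added example (not part of the original thread and not Django's code). The function names, the template, the header values and the tokens are constructed, and the sketch assumes the ETag is computed before the token is written into the page; only the ETag / If-None-Match pair is modelled.

```python
import hashlib

# Constructed login template; {token} is where the CSRF token is written.
TEMPLATE = ('<form method="post"><input type="hidden" '
            'name="csrfmiddlewaretoken" value="{token}"></form>')

def etag_for(text):
    return '"%s"' % hashlib.sha256(text.encode()).hexdigest()[:16]

def render_login(token, etag_covers_token):
    """Build a login response carrying no-cache headers plus an ETag.

    Assumption: with etag_covers_token=False the validator is computed
    before the token is written into the page, so it never changes.
    """
    body = TEMPLATE.format(token=token)
    source = body if etag_covers_token else TEMPLATE
    headers = {"Cache-Control": "max-age=0", "ETag": etag_for(source)}
    return {"status": 200, "headers": headers, "body": body}

def conditional_get(request_headers, response):
    """The docstring's rule: a matching validator turns the response into
    a 304. Cache-Control is not part of the decision."""
    etag = response["headers"].get("ETag")
    if etag and request_headers.get("If-None-Match") == etag:
        return {"status": 304, "headers": {"ETag": etag}, "body": ""}
    return response

def revisit(old_token, new_token, etag_covers_token):
    """Load the page, then load it again after the token has changed.

    Returns (status of second response, whether the form the browser
    shows carries the token the server now expects).
    """
    cached = render_login(old_token, etag_covers_token)
    fresh = render_login(new_token, etag_covers_token)
    second = conditional_get(
        {"If-None-Match": cached["headers"]["ETag"]}, fresh)
    shown = cached if second["status"] == 304 else second
    return second["status"], new_token in shown["body"]

if __name__ == "__main__":
    print(revisit("tok-A", "tok-B", etag_covers_token=False))
    print(revisit("tok-A", "tok-B", etag_covers_token=True))
```

When the validator covers the final body, a 304 can only occur while the token is unchanged, so the browser's copy is still valid; when it does not, the browser keeps showing the form with the old token.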