Hi all,

I got another problem (today's not my day it seems.. :'( )

I am trying to log in through LDAP but can't, and I have nailed down another problem:
On a simple login form URL "default/user/login?_next=/app/default/index" I 
get the classic login HTML form but can't manage to log in.
Indeed, I traced the code a bit and the problem seems to be in html.py:

In class FORM, in the accept function, there is:
        if self.session:
            formkey = self.session.get('_formkey[%s]' % self.formname, None)
            # check if user tampering with form and void CSRF
            if formkey != self.request_vars._formkey:
                status = False

and formkey is always different from self.request_vars._formkey.
I also get into this function three times for each click on the login button, 
and the formkey changes, and it seems that the value from the second or third 
pass is kept and compared with the one defined in the first call and 
written in the form. 
So of course, I can't log in.

Is this a well-known bug waiting for a patch?

Thanks in advance !!
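
A minimal model of the failure described in the post above, as an added example that is not part of the original post and is not web2py's code. ToyForm, simulate_login and the reuse_within_request option are hypothetical names, and the model assumes the hidden field carries the key from the first call while the session keeps the key from the last call.

```python
import hmac
import secrets


class ToyForm:
    """Toy single-slot CSRF form key (hypothetical, not web2py's code)."""

    def __init__(self, formname, reuse_within_request=False):
        self.slot = "_formkey[%s]" % formname
        self.reuse = reuse_within_request

    def accepts(self, post_vars, session, request_state):
        """Check the submitted key, then issue the key for the next render."""
        if self.reuse and self.slot in request_state:
            # Mitigation: repeat calls in one request return the first result
            # instead of overwriting the key held in the session.
            return request_state[self.slot]
        expected = session.get(self.slot)
        submitted = post_vars.get("_formkey")
        ok = bool(expected and submitted
                  and hmac.compare_digest(expected, submitted))
        issued = secrets.token_hex(16)
        session[self.slot] = issued  # one slot: the last call wins
        request_state[self.slot] = (ok, issued)
        return ok, issued


def simulate_login(calls_per_request, reuse_within_request=False):
    """GET the form, POST it back; return True if the POST is accepted."""
    form = ToyForm("login", reuse_within_request)
    session = {}
    # GET: assume the hidden field carries the key issued by the FIRST call.
    state = {}
    issued = [form.accepts({}, session, state)[1]
              for _ in range(calls_per_request)]
    hidden_field = issued[0]
    # POST: the browser sends the hidden field back unchanged.
    state = {}
    results = [form.accepts({"_formkey": hidden_field}, session, state)[0]
               for _ in range(calls_per_request)]
    return results[0]


if __name__ == "__main__":
    print("1 call per request:", simulate_login(1))
    print("3 calls per request:", simulate_login(3))
    print("3 calls, key reused within request:", simulate_login(3, True))
```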
