Ok, it seems it is Chrome related.. :| I tried with Firefox and Safari and they hit the server only once. Could someone please confirm he has the same problem with Chrome (build 18.0.8025.142) ??
Le lundi 2 avril 2012 15:31:23 UTC+2, Joseph.Piron a écrit : > > Hi all, > > I got another problem (today's not my day it seems.. :'( ) > > I am trying to login through ldap but can't and nailed down another > problem: > On a simple login form url "default/user/login?_next=/app/default/index" I > get the classic login html form but can't succeed to log in. > Indeed, I traced a bit the code and the problem seems to be in html.py: > > in class FORM, accept function, there is: > if self.session: > formkey = self.session.get('_formkey[%s]' % self.formname, > None) > # check if user tampering with form and void CSRF > if formkey != self.request_vars._formkey: > status = False > > and formkey is always different from self.request_vars._formkey. > I also get three times in this function for each click on the login > button, and the formkey changes and it seems that the value of the second > or third passage is kept and compared with the one defined in the first > call and written in the form. > So of course, I can't login. > > It this a well known bug waiting for a patch? > > Thanks in advance !! >