mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Added some explanatory comments in CsrfMiddleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
4bdbd1401d
commit
9c33d74f1d
@ -67,11 +67,16 @@ class CsrfResponseMiddleware(object):
|
|||||||
def process_response(self, request, response):
|
def process_response(self, request, response):
|
||||||
csrf_token = None
|
csrf_token = None
|
||||||
try:
|
try:
|
||||||
|
# This covers a corner case in which the outgoing request
|
||||||
|
# both contains a form and sets a session cookie. This
|
||||||
|
# really should not be needed, since it is best if views
|
||||||
|
# that create a new session (login pages) also do a
|
||||||
|
# redirect, as is done by all such view functions in
|
||||||
|
# Django.
|
||||||
cookie = response.cookies[settings.SESSION_COOKIE_NAME]
|
cookie = response.cookies[settings.SESSION_COOKIE_NAME]
|
||||||
csrf_token = _make_token(cookie.value)
|
csrf_token = _make_token(cookie.value)
|
||||||
except KeyError:
|
except KeyError:
|
||||||
# No outgoing cookie to set session, but
|
# Normal case - look for existing session cookie
|
||||||
# a session might already exist.
|
|
||||||
try:
|
try:
|
||||||
session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
|
session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
|
||||||
csrf_token = _make_token(session_id)
|
csrf_token = _make_token(session_id)
|
||||||
|
Loading…
Reference in New Issue
Block a user