diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2008-12-03 13:23:23 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2008-12-03 13:23:23 +0000 |
| commit | 9c33d74f1dbc71dc295f11c1be2f1146a487e611 (patch) | |
| tree | c6c613a850723c5ecd9b2fc9381a4867cea85e7a | |
| parent | 4bdbd1401d4001fef2f6a4ba960da24700e19157 (diff) | |
Added some explanatory comments in CsrfMiddleware
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/csrf/middleware.py | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/django/contrib/csrf/middleware.py b/django/contrib/csrf/middleware.py index 6f818fc93c..3a06feb398 100644 --- a/django/contrib/csrf/middleware.py +++ b/django/contrib/csrf/middleware.py @@ -67,11 +67,16 @@ class CsrfResponseMiddleware(object): def process_response(self, request, response): csrf_token = None try: + # This covers a corner case in which the outgoing request + # both contains a form and sets a session cookie. This + # really should not be needed, since it is best if views + # that create a new session (login pages) also do a + # redirect, as is done by all such view functions in + # Django. cookie = response.cookies[settings.SESSION_COOKIE_NAME] csrf_token = _make_token(cookie.value) except KeyError: - # No outgoing cookie to set session, but - # a session might already exist. + # Normal case - look for existing session cookie try: session_id = request.COOKIES[settings.SESSION_COOKIE_NAME] csrf_token = _make_token(session_id) |
