diff options
| author | Vaclav Ehrlich <vaclav.ehrlich@gmail.com> | 2016-04-03 11:35:24 +0200 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-04-05 11:02:38 -0400 |
| commit | 369fa471f46cd517edf5fc82e4ef6138de3cff6e (patch) | |
| tree | 9e79d0a7fcd17e102c6c699f82a8e142215a01b9 /django | |
| parent | 02ae5fd31a56ffb42feadb49c1f3870ba0a24869 (diff) | |
Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.
Diffstat (limited to 'django')
| -rw-r--r-- | django/views/csrf.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/django/views/csrf.py b/django/views/csrf.py index f22f3b25ac..493e112fbe 100644 --- a/django/views/csrf.py +++ b/django/views/csrf.py @@ -78,6 +78,9 @@ CSRF_FAILURE_TEMPLATE = """ <code>csrf_protect</code> on any views that use the <code>csrf_token</code> template tag, as well as those that accept the POST data.</li> + <li>The form has a valid CSRF token. After logging in in another browser + tab or hitting the back button after a login, you may need to reload the + page with the form, because the token is rotated after a login.</li> </ul> <p>You're seeing the help section of this page because you have <code>DEBUG = |
