summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorVaclav Ehrlich <vaclav.ehrlich@gmail.com>2016-04-03 11:35:24 +0200
committerTim Graham <timograham@gmail.com>2016-04-05 11:02:38 -0400
commit369fa471f46cd517edf5fc82e4ef6138de3cff6e (patch)
tree9e79d0a7fcd17e102c6c699f82a8e142215a01b9 /django
parent02ae5fd31a56ffb42feadb49c1f3870ba0a24869 (diff)
Fixed #26201 -- Documented the consequences of rotating the CSRF token on login.
Diffstat (limited to 'django')
-rw-r--r--django/views/csrf.py3
1 files changed, 3 insertions, 0 deletions
diff --git a/django/views/csrf.py b/django/views/csrf.py
index f22f3b25ac..493e112fbe 100644
--- a/django/views/csrf.py
+++ b/django/views/csrf.py
@@ -78,6 +78,9 @@ CSRF_FAILURE_TEMPLATE = """
<code>csrf_protect</code> on any views that use the <code>csrf_token</code>
template tag, as well as those that accept the POST data.</li>
+ <li>The form has a valid CSRF token. After logging in in another browser
+ tab or hitting the back button after a login, you may need to reload the
+ page with the form, because the token is rotated after a login.</li>
</ul>
<p>You're seeing the help section of this page because you have <code>DEBUG =