authorTim Graham <timograham@gmail.com>2013-10-17 19:51:45 -0400
committerTim Graham <timograham@gmail.com>2013-10-18 08:33:07 -0400
commit0fb2897c81c6c39f5d3a94ab50070c5fe8a602ad (patch)
tree16401d630791e7981193bcdcffab062f9d805463
parent312ca5e9cb89af790fa8af04811a3e4c5e621758 (diff)
[1.5.x] Fixed bug causing CSRF token not to rotate on login.
Thanks Gavin McQuillan for the report. Backport of ac4fec5ca2 from master
-rw-r--r--django/contrib/auth/tests/views.py1
-rw-r--r--django/middleware/csrf.py5
2 files changed, 4 insertions, 2 deletions
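diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index 754fa3550e..e39dc0ea80 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -392,7 +392,6 @@ class LoginTest(AuthViewsTestCase):
 CsrfViewMiddleware().process_view(req, login_view, (), {})
 req.META["SERVER_NAME"] = "testserver" # Required to have redirect work in login view
 req.META["SERVER_PORT"] = 80
- req.META["CSRF_COOKIE_USED"] = True
 resp = login_view(req)
 resp2 = CsrfViewMiddleware().process_response(req, resp)
 csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None)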
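Review bot: Dropping the manual `CSRF_COOKIE_USED` line makes the test exercise the real rotate_token path, but the assertions that follow (the test method continues outside this hunk) should also compare the emitted cookie against the token the request started with, otherwise a regression that emits the cookie without actually rotating it would still pass. Something like `self.assertNotEqual(csrf_cookie.value, pre_login_token)`, with `pre_login_token` being whatever key the test seeded into `req.COOKIES` or `req.META` before calling the view, would pin the security property the fix is about. This may already be covered by lines not shown here.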
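diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index c7c25bf34f..02d92ddcd1 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -58,7 +58,10 @@ def rotate_token(request):
 Changes the CSRF token in use for a request - should be done on login
 for security purposes.
 """
- request.META["CSRF_COOKIE"] = _get_new_csrf_key()
+ request.META.update({
+ "CSRF_COOKIE_USED": True,
+ "CSRF_COOKIE": _get_new_csrf_key(),
+ })
 def _sanitize_token(token):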
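Review bot: The added `"CSRF_COOKIE_USED": True` entry is the actual fix, yet nothing in rotate_token says why it is needed, and the dependency is not visible from this function alone: as the removed line in the views.py test suggests, the middleware's process_response appears to write the cookie back to the client only when that flag is set, so a rotated token that is not marked used never leaves the server and the pre-login token stays valid in the browser. I would put a why-comment above the `update()` call, e.g. `# Mark the cookie as used so process_response() actually sends the rotated value to the client; without this the rotation is silently lost.` The docstring could also state that callers must invoke this before the response is built, since a rotation performed after process_response has run cannot reach the client. The dict-`update()` form is fine, though two plain assignments would read more naturally for two keys.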