From d0b900e6f52e3d16d32ae42a1f80ee61b256db18 Mon Sep 17 00:00:00 2001
From: Luke Plant
Date: Tue, 27 Oct 2009 14:04:21 +0000
Subject: [PATCH] Slight change to CSRF error messages to make debugging easier.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@11669 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/middleware/csrf.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index ad3ab12260..80d9e16a24 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -145,14 +145,18 @@ class CsrfViewMiddleware(object):
 # No CSRF cookie and no session cookie. For POST requests,
 # we insist on a CSRF cookie, and in this way we can avoid
 # all CSRF attacks, including login CSRF.
- return reject("No CSRF cookie.")
+ return reject("No CSRF or session cookie.")
 else:
 csrf_token = request.META["CSRF_COOKIE"]
 # check incoming token
 request_csrf_token = request.POST.get('csrfmiddlewaretoken', None)
 if request_csrf_token != csrf_token:
- return reject("CSRF token missing or incorrect.")
+ if cookie_is_new:
+ # probably a problem setting the CSRF cookie
+ return reject("CSRF cookie not set.")
+ else:
+ return reject("CSRF token missing or incorrect.")
 return accept()
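Review bot: The three rejection reasons are inline string literals at each `reject(...)` call, so anything that wants to tell the cases apart (tests, log monitoring for CSRF failures) has to match on text that this commit shows can change. Naming them once at module level, e.g. `REASON_NO_COOKIE = "CSRF cookie not set."`, and passing the name to `reject` would keep them stable and greppable. The comment `# probably a problem setting the CSRF cookie` could also say what the branch actually knows, e.g. `# request carried no CSRF cookie, so a mismatch here most likely means the cookie was never stored by the client`. Where the reason string ends up is not visible in this hunk; if `reject` passes it into the response outside debug mode, the finer-grained messages tell the client which check failed, so it is worth confirming they are limited to logs and debug output. The enclosing method starts outside the hunk.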