Added some explanatory comments in CsrfMiddleware

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Luke Plant 2008-12-03 13:23:23 +00:00
parent 4bdbd1401d
commit 9c33d74f1d
1 changed files with 7 additions and 2 deletions


@ -67,11 +67,16 @@ class CsrfResponseMiddleware(object):
def process_response(self, request, response): def process_response(self, request, response):
csrf_token = None csrf_token = None
try: try:
# This covers a corner case in which the outgoing request
# both contains a form and sets a session cookie. This
# really should not be needed, since it is best if views
# that create a new session (login pages) also do a
# redirect, as is done by all such view functions in
# Django.
cookie = response.cookies[settings.SESSION_COOKIE_NAME] cookie = response.cookies[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(cookie.value) csrf_token = _make_token(cookie.value)
except KeyError: except KeyError:
# No outgoing cookie to set session, but # Normal case - look for existing session cookie
# a session might already exist.
try: try:
session_id = request.COOKIES[settings.SESSION_COOKIE_NAME] session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
csrf_token = _make_token(session_id) csrf_token = _make_token(session_id)
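Review bot: The new comment above the `response.cookies` lookup says "outgoing request", but the code reads the outgoing response, so its first line should read `# This covers a corner case in which the outgoing response`. The comment also does not say why the response cookie is tried before `request.COOKIES`. The token is derived from the session id, so a token built from the old request cookie would presumably no longer match once the browser holds the new session cookie. A line such as `# Prefer the new session id: the rendered form will be posted back with it.` would record that. The body of process_response continues past the end of this hunk, so the rest of the fallback path is not visible here.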