django does not send csrf token again after browser cookies has been cleared
I had the same problem. After debugging against django source, the reason is:
If your view is not rendering a template containing the csrf_token template tag, Django might not set the CSRF token cookie.
Two solutions:
- Add
{% csrf_token %}
in your template - Use
@ensure_csrf_cookie
decorator for your view
For detail your can refer django doc.
Look at django/middleware/csrf.py
in which CsrfViewMiddleware
class is declared. As you can see in def process_response(self, request, response)
there are three conditions that prevent cookie setup:
def process_response(self, request, response):
if getattr(response, 'csrf_processing_done', False):
return response
# If CSRF_COOKIE is unset, then CsrfViewMiddleware.process_view was
# never called, probaby because a request middleware returned a response
# (for example, contrib.auth redirecting to a login page).
if request.META.get("CSRF_COOKIE") is None:
return response
if not request.META.get("CSRF_COOKIE_USED", False):
return response
# Set the CSRF cookie even if it's already set, so we renew
# the expiry timer.
response.set_cookie(settings.CSRF_COOKIE_NAME,
request.META["CSRF_COOKIE"],
max_age = 60 * 60 * 24 * 7 * 52,
domain=settings.CSRF_COOKIE_DOMAIN,
path=settings.CSRF_COOKIE_PATH,
secure=settings.CSRF_COOKIE_SECURE
)
# Content varies with the CSRF cookie, so set the Vary header.
patch_vary_headers(response, ('Cookie',))
response.csrf_processing_done = True
return response
Check which is applied for you.