django no csrftoken in cookie

You probably want to use the ensure_csrf_cookie view decorator (available since Django 1.4). This will set the csrftoken cookie even if you don't use the {{ csrf_token }} template tag.


I had the same problem ($.cookie('csrftoken') returned 'undefined').

The problem was in my Django configuration, I commented the following line and it works:

#CSRF_COOKIE_HTTPONLY = True  # Prevent client-side JavaScript access to the CSRF cookie

I think you should provide the code how you get the csrf token in your HTML/JS code and settings for your middlewares.

First of all you should check that django.middleware.csrf.CsrfViewMiddleware is turned on.

I had a similar issue, when in python code I used request.META.get('CSRF_COOKIE') to get the token.

When you use this token in template - {% csrf_token %} Django notes that the token was rendered and sets the Cookie in CsrfViewMiddleware.process_response. If you get the token value in other way Django will miss this flag. So it will generate you a token but will not set the corresponding cookie.

I have 2 workarounds in code. You should add it to your views that are used to generate templates with JS code.

1. You can force Django to set the CSRF Cookie:

# Force updating CSRF cookie
request.META["CSRF_COOKIE_USED"] = True

2. Django sets the CSRF_COOKIE_USED automatically if you call get_token

from django.middleware.csrf import get_token
# don't use direct access to request.META.get('CSRF_COOKIE')
# in this case django will NOT send a CSRF cookie. Use get_token function
csrf_token = get_token(request)

Each one of this solutions should work separately. I advice to use get_token