Django - CSRF token missing or incorrect

Thomas picture Thomas · Apr 7, 2012 · Viewed 38k times · Source

I just updated my django to 1.4. But I am getting the following error when I try to submit my login form:

Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect.

In my settings.py (MIDDLEWARE_CLASSES) I had to remove the following line because its now deprecated:

'django.middleware.csrf.CsrfResponseMiddleware',

And than I started to to get this error.

Some necessary information: Urls.py

url(r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'registration/login.html'}, name='login')
MIDDLEWARE_CLASSES = (
    'django.middleware.gzip.GZipMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
#   'django.middleware.csrf.CsrfResponseMiddleware',
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
)

login.html

{% extends "base.html" %}
{% block title %} Login {% endblock %}
{% block content %}



   <div id="text">
        <table>
          <form action="" method="post">
          {% csrf_token %}
            <tr>
                <td><label for="username">Email:</label></td>
                <td><input type="text" name="username" value="" id="username"></td>
            </tr>
            <tr>
                <td><label for="password">Password:</label></td>
                <td><input type="password" name="password" value="" id="password"></td>
            </tr>
            <tr>
                <td><input type="submit" value="Login" />
            {% if next %}
                <input type="hidden" name="next" value="{{ next }}" /></td>
            {% else %}
                <input type="hidden" name="next" value="/" /></td>
            {% endif %}
            </tr>
          </form>
        </table>


      {% if form.errors %}
        <p class="error">User or password incorrect</p>
      {% endif %}
    </div>
{% endblock %}

Does anyone knows how to solve this problem?

Answer

okm picture okm · Apr 7, 2012

The code looks fine, Django 1.3 and 1.4 auth.views.login uses RequestContext correctly. Please check:

  • Firstly clear data of browser and try again
  • What's the value of submitted csrfmiddlewaretoken
  • Do you import correct Django?
  • Just make sure, is there UserWarning in console like?: "A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext."