Need advice. Forbidden (403) CSRF verification failed. Request aborted. Django error


I am making a website with Django, and when I log in, go back, and then try to log in again, I get this error message.

Forbidden (403)

CSRF verification failed. Request aborted. Reason given for failure: CSRF token from POST incorrect.

When I log in the first time it works okay, and after I get the error I go back and the login is successful again. I was just wondering what the problem is with my code.

This is the views.py

```python
from django.contrib import messages
from django.contrib.auth import authenticate, login as auth_login
from django.shortcuts import redirect, render
from django.views.decorators.csrf import csrf_protect


@csrf_protect  # redundant while CsrfViewMiddleware is enabled, but harmless
def login(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(request, username=username, password=password)

        if user is not None:
            # auth_login() binds the user to the session and rotates
            # the CSRF token before the redirect.
            auth_login(request, user)
            return redirect('homepage')
        else:
            messages.error(request, 'Username OR password is incorrect')

    context = {}
    return render(request, 'login.html', context)
```

This is my settings.py

```python
# Ordered as Django's documentation recommends: SecurityMiddleware near the
# top, SessionMiddleware before CsrfViewMiddleware (required if CSRF_USE_SESSIONS
# is turned on), and CsrfViewMiddleware before anything that assumes CSRF has
# already been checked.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
```

This is my login.html

```html
<!-- action="" posts back to the URL that rendered the page -->
<form method="POST" action="">
    {% csrf_token %}
    <div class="input-group mb-3">
        <div class="input-group-append">
            <span class="input-group-text"><i class="fas fa-user"></i></span>
        </div>
        <input type="text" name="username" class="form-control input_user" value="" placeholder="Username" autocomplete="username">
    </div>
    <div class="input-group mb-2">
        <div class="input-group-append">
            <span class="input-group-text"><i class="fas fa-key"></i></span>
        </div>
        <input type="password" name="password" class="form-control input_pass" value="" placeholder="Password" autocomplete="current-password">
    </div>
    <div class="form-group">
        <div class="custom-control custom-checkbox">
        </div>
    </div>
    <div>
        {% for message in messages %}
        <p id="messages">{{ message }}</p>
        {% endfor %}
    </div>
    <div class="d-flex justify-content-center mt-3 login_container">
        <button type="submit" name="button" class="btn login_btn">Login</button>
    </div>
</form>
```
There is 1 answer

Paulo Mielnichuk

@csrf_protect is a decorator used for cache implementations along with cache decorators (that explains the described behavior).

No matter the hurdles of caching, I advise you not to use any kind of caching in a login form. Just remove the @csrf_protect from your view and your code will run. {% csrf_token %} in the template will do the job.
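To make the failure in the question concrete, here is an added example (not code from the question, the answer, or Django itself) that models what CsrfViewMiddleware checks on a POST and what happens to a login page that is replayed with the browser's Back button. It re-implements Django 4.x's mask/unmask scheme for the form token and the constant-time comparison against the cookie secret; the two-step scenario function is a hypothetical stand-in for the real request cycle, and the rotation step reproduces the effect of `django.contrib.auth.login()` calling `rotate_token()`.

```python
"""Model of Django's cookie-based CSRF check and of a login form replayed
after login has rotated the CSRF secret. Added example for this thread; not
Django's code and not the asker's project code."""
import hmac
import secrets
import string

CSRF_ALLOWED_CHARS = string.ascii_letters + string.digits
CSRF_SECRET_LENGTH = 32                      # value stored in the csrftoken cookie
CSRF_TOKEN_LENGTH = 2 * CSRF_SECRET_LENGTH   # mask + masked secret, as rendered in the form

REASON_TOKEN_INCORRECT = "CSRF token from POST incorrect"
REASON_TOKEN_MISSING = "CSRF token missing"
REASON_COOKIE_MISSING = "CSRF cookie not set."


def _random_string(length: int) -> str:
    return "".join(secrets.choice(CSRF_ALLOWED_CHARS) for _ in range(length))


def new_secret() -> str:
    """A fresh cookie secret; rotate_token() issues one of these on login."""
    return _random_string(CSRF_SECRET_LENGTH)


def mask_secret(secret: str) -> str:
    """What {% csrf_token %} emits: random mask followed by the secret added to
    the mask character-wise mod 62. Every render yields a different token for
    the same secret, which defeats compression-oracle (BREACH) recovery."""
    mask = _random_string(CSRF_SECRET_LENGTH)
    chars = CSRF_ALLOWED_CHARS
    pairs = zip((chars.index(c) for c in secret), (chars.index(c) for c in mask))
    cipher = "".join(chars[(x + y) % len(chars)] for x, y in pairs)
    return mask + cipher


def unmask_token(token: str) -> str:
    """Inverse of mask_secret(): recover the secret from a 64-character token."""
    mask, cipher = token[:CSRF_SECRET_LENGTH], token[CSRF_SECRET_LENGTH:]
    chars = CSRF_ALLOWED_CHARS
    pairs = zip((chars.index(c) for c in cipher), (chars.index(c) for c in mask))
    return "".join(chars[(x - y) % len(chars)] for x, y in pairs)


def check_csrf(cookie_secret, post_token):
    """Return None when the POST is acceptable, otherwise the rejection reason.
    Follows the order of checks in CsrfViewMiddleware.process_view; the token
    format checks are collapsed into a single 'incorrect' reason here."""
    if cookie_secret is None:
        return REASON_COOKIE_MISSING
    if not post_token:
        return REASON_TOKEN_MISSING
    if (len(post_token) not in (CSRF_SECRET_LENGTH, CSRF_TOKEN_LENGTH)
            or any(c not in CSRF_ALLOWED_CHARS for c in post_token)):
        return REASON_TOKEN_INCORRECT
    if len(post_token) == CSRF_TOKEN_LENGTH:
        post_token = unmask_token(post_token)
    # The secret from the form must equal the secret in the cookie; Django uses
    # a constant-time comparison so timing does not leak matching prefixes.
    if not hmac.compare_digest(post_token, cookie_secret):
        return REASON_TOKEN_INCORRECT
    return None


def replay_after_login_scenario():
    """Hypothetical request cycle: GET /login/, POST (accepted), login rotates
    the secret, Back re-shows the cached page, POST again (rejected)."""
    cookie = new_secret()                    # set by the first GET of the login page
    cached_page_token = mask_secret(cookie)  # token rendered into that page

    first_post = check_csrf(cookie, cached_page_token)   # accepted

    # django.contrib.auth.login() -> rotate_token(): a new secret travels back
    # in the Set-Cookie header alongside the redirect to 'homepage'.
    cookie = new_secret()

    # Back button: the browser restores the page from its cache, still carrying
    # the token minted against the OLD secret.
    second_post = check_csrf(cookie, cached_page_token)  # "CSRF token from POST incorrect"

    # A fresh GET of the login page renders a token against the new secret.
    third_post = check_csrf(cookie, mask_secret(cookie))  # accepted again

    return first_post, second_post, third_post


if __name__ == "__main__":
    for step, result in zip(("first POST", "POST after Back", "POST after reload"),
                            replay_after_login_scenario()):
        print(f"{step}: {result or 'accepted'}")
```

The second POST fails because the cookie now holds the post-login secret while the form still carries a token derived from the pre-login one; whether `@csrf_protect` is on the view makes no difference, since `CsrfViewMiddleware` runs the same comparison for every POST. A reload of the login page (or a `Cache-Control: no-store` response on it, so the browser does not restore it from the back-forward cache) yields a token that matches again.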