Commit 9c33d74f authored by Luke Plant's avatar Luke Plant

Added some explanatory comments in CsrfMiddleware


git-svn-id: http://code.djangoproject.com/svn/django/trunk@9561 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 4bdbd140
+7 −2
@@ -67,11 +67,16 @@ class CsrfResponseMiddleware(object):
    def process_response(self, request, response):
        csrf_token = None
        try:
            # This covers a corner case in which the outgoing request
            # both contains a form and sets a session cookie.  This
            # really should not be needed, since it is best if views
            # that create a new session (login pages) also do a
            # redirect, as is done by all such view functions in
            # Django.
            cookie = response.cookies[settings.SESSION_COOKIE_NAME]
            csrf_token = _make_token(cookie.value)
        except KeyError:
            # No outgoing cookie to set session, but
            # a session might already exist.
            # Normal case - look for existing session cookie
            try:
                session_id = request.COOKIES[settings.SESSION_COOKIE_NAME]
                csrf_token = _make_token(session_id)
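Review bot: The explanatory comment at the top of the outer `try` says "outgoing request", but the cookie is read from `response.cookies`, so the wording should be `# This covers a corner case in which the outgoing response`. The comment would also be more useful if it said why the outgoing cookie takes precedence: the token comes from `_make_token()` over the session cookie value, so a form rendered in a response that also sets a new session cookie presumably needs a token derived from the new value rather than from `request.COOKIES`, or the next POST would not validate. The fallback comment could then simply read `# No session cookie is being set; use the one sent with the request, if any.` The body of `process_response` continues past the end of this hunk, so the handling of a request with no session cookie at all is not visible here.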