Pylons/pyramid_beaker

A new CSRF token is generated each request

Closed · 1 comment

I have a problem where a new CSRF token is generated in every request when I call:

token = request.session.get_csrf_token()

When debugging, I found that the get_csrf_token() method always calls self.new_csrf_token(). The csrft value should, of course, be persisted to the session, but it looks like that does not happen.

I have confirmed, by looking at the cookies, that I am seeing the same session on multiple requests. But always with a new CSRF token.

The problem occurs only when I use "session.type = file". The "cookie" session type works as expected.

If anyone has this working correctly, please drop a line. I am very confused; I was unable to pinpoint the problem. Here are the package versions I am using, on Python 2.7:

Beaker==1.6.4
pyramid==1.5.1
pyramid_beaker.git@9c73d0ae54fb857f5fae1454584ab95d1c3e2839#egg=pyramid_beaker-master

The problem went away, apparently after I deleted all the domain cookies. I don't understand what happened, but see you next time.