1

I implemented an application using C# and Django, and my problem is that when I login in the client the server returns everything right, the sessionid and everything but the csrf token.

I have it on my settings file in middleware_classes. Is this because im accessing the server directly through its ip address?

My django Login function

class loginMobile(GenericAPIView):
    serializer_class = loginSerializer

    def post(self, request):
        try:
            email = request.DATA.get('email')
            password = request.DATA.get('password')

            user_django = authenticate(username=email, password=password)
            login(request, user_django)

            return Response({'success': True})
        except:
            return Response({'success': False})

my C# request:

using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
                {
                    // Get the response stream  
                    StreamReader reader = new StreamReader(response.GetResponseStream());

                        if (response.Cookies != null && response.Cookies.Count != 0)
                        {
                            this.cookie_col = response.Cookies;

                            this.cookies = new List<Cookie>();
                            foreach (Cookie c in response.Cookies)
                            {
                                this.cookies.Add(c);
                                if (c.Name.Equals("csrftoken"))
                                    this.csrf_token = c.Value;
                            }
                        }
                }

In "response.cookies" I only get the "sessionid" not the "csrftoken" Also this happening when I hosted the appplication in a server, it works like a charm on my local machine

BenMorel
  • 34,448
  • 50
  • 182
  • 322
pedrotorres
  • 1,222
  • 2
  • 13
  • 26
  • could this be the answer http://stackoverflow.com/a/16703297/202168 – Anentropic Feb 19 '14 at 14:50
  • notice I am having problems with my C# app, it works fine on the browser... – pedrotorres Feb 19 '14 at 14:52
  • I don't know anything about C# but is it possible the browser already has a csrf cookie from viewing another page, while your C# app is only calling the json(?) view which lacks the templatetag or decorator to tell Django to send the cookie? so also http://stackoverflow.com/questions/20361653/template-less-django-ajax-does-djangos-csrf-token-get-updated-during-the-cou?rq=1 – Anentropic Feb 19 '14 at 14:55
  • nope not the answer... dunno what I did when pushing the app to the server – pedrotorres Feb 19 '14 at 15:09

1 Answers1

0

So I figure out how to work around my problem,

I forced django to return the csrf token like this:

return Response({'success': True, 'csrf':csrf(request)})
pedrotorres
  • 1,222
  • 2
  • 13
  • 26