Here is what I did:
I have two tabs open on my browser, and I have the login form loaded in both the tabs.
I log in with the required credentials on the first tab.
CSRF verification failed. Request aborted.
I have used the {% csrf_token %} in my login form and CsrfViewMiddleware in settings.py.
Also, I tried the same with the default admin application and got the same error.
This is to be expected. The login operation rotates the CSRF token, otherwise it would be possible to use the token from outside the authenticated session.
Hence what happens in your case:
This is an interaction between the fact that using multiple browser tabs does not separate sessions and the fact that the login operation cycles the "cookie" CSRF token sent to you by the server.
Any page loaded before the login operation that takes place in the same session (e.g. in a different browser tab) will now have an incorrect CSRF "form" token.
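The two-tab sequence described in the answer, as an added example that is not part of the original post and is not Django's own code. It is a simplified model: the function names are hypothetical, and the XOR masking is a stand-in for Django's per-render masking of the form token.

```python
import hmac
import secrets

COOKIE, FIELD = "csrftoken", "csrfmiddlewaretoken"  # Django's default names


def mask(secret: bytes) -> str:
    # Per-render masking so every form carries a different token string.
    # XOR with a random salt is a stand-in for Django's own masking scheme.
    salt = secrets.token_bytes(len(secret))
    return (salt + bytes(a ^ b for a, b in zip(salt, secret))).hex()


def unmask(token: str) -> bytes:
    try:
        raw = bytes.fromhex(token)
    except ValueError:
        return b""
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:]))


def render_login_form(cookies: dict) -> dict:
    # Issue the secret cookie on first visit, then embed a masked copy in the form.
    if COOKIE not in cookies:
        cookies[COOKIE] = secrets.token_bytes(16).hex()
    return {FIELD: mask(bytes.fromhex(cookies[COOKIE]))}


def post_login(cookies: dict, form: dict) -> int:
    secret = bytes.fromhex(cookies.get(COOKIE, ""))
    if not secret or not hmac.compare_digest(secret, unmask(form.get(FIELD, ""))):
        return 403  # "CSRF verification failed. Request aborted."
    # Successful login rotates the secret, as Django's login() does via rotate_token().
    cookies[COOKIE] = secrets.token_bytes(16).hex()
    return 200


def two_tab_scenario() -> tuple:
    cookies = {}  # one jar: tabs of the same browser share cookies
    tab1 = render_login_form(cookies)
    tab2 = render_login_form(cookies)  # loaded before the login in tab 1
    first = post_login(cookies, tab1)  # valid form token -> login, secret rotated
    stale = post_login(cookies, tab2)  # form token still refers to the old secret
    reloaded = post_login(cookies, render_login_form(cookies))  # fresh form works
    return first, stale, reloaded
```

Reloading the stale tab re-renders the form against the rotated cookie, which is why the last request in the scenario succeeds.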