Django 1.2 CSRF verification failed

17/02/2010

Are you updating an old Django  project to use Django 1.2, and getting this error message when you try to login to the Django admin page?

403 Forbidden

CSRF verification failed. Request aborted.
Help

Reason given for failure:

CSRF cookie not set.

Then you need to add  ‘django.middleware.csrf.CsrfViewMiddleware’, and  ‘django.middleware.csrf.CsrfResponseMiddleware’ your settings.py file. Mine looks like this:

MIDDLEWARE_CLASSES = (
‘django.middleware.common.CommonMiddleware’,
‘django.contrib.sessions.middleware.SessionMiddleware’,
‘django.contrib.auth.middleware.AuthenticationMiddleware’,
‘django.middleware.csrf.CsrfViewMiddleware’,
‘django.middleware.csrf.CsrfResponseMiddleware’,
)

Thanks to the Django docs http://docs.djangoproject.com/en/dev/ref/contrib/csrf/#how-to-use-it

There are 4 comments in this article:

  1. 28/05/2010Derek say:

    I think you need to change the ‘ quotes to normal ‘ ones, for this code to be copy-and-pasteable.

    Thanks!

  2. 28/05/2010Derek say:

    I see your blog software mangles the quotes even in these comments :(

  3. 3/06/2010adamnfish say:

    Very helpful, thanks a lot. Google to the rescue, as ever :)

  4. 24/08/2010shrenik say:

    Thanks a lot !!

    It works for me.

Write a comment: