Django CSRF Failure After Upgrade 1.9 > 1.11

Question

I\'ve just upgraded an app I\'m developing from 1.9 to 1.11 and am getting constant errors on all form posts:

CSRF token missing or incorrect.

Answer 1

Django 1.10 introduced salted CSRF tokens that change every time the user logs in:

Changed in Django 1.10:

Added salting to the token and started changing it with each request to protect against BREACH attacks.

You will have to log out and back in again to generate a new salted token before your forms will work.

Melvyn suggests clearing your session store in a comment. That would work too, and is probably a better option if you have many users.

You might also have to modify your middleware settings to reflect the new style introduced in Django 1.10. The old MIDDLEWARE_CLASSES setting is deprecated in favour of MIDDLEWARE. Make sure that 'django.middleware.csrf.CsrfViewMiddleware' is included in your MIDDLEWARE. If you have custom middleware (or if you're using libraries that use old-style middleware) it will have to be updated.