问题
I've run into this issue before and solved it, but this just popped up totally randomly (or so it seems). I've just come back to my Django project after a little while away from it...when logging in I forgot my web username and it gave me the appropriate error message Sorry, that's not a valid username or password. So to solve this I created a new superuser (since I had also forgot my admin username) so I could check what my web username was. I did that successfully, but now when I try to login I get the CSRF error (whether the username or password is correct or not). I have no idea how this happened since it was validating properly 10 seconds ago and I didn't change a single line of code.
{% extends "base.html" %}
{% block content %}
<title>{% block title %} | Login{% endblock %}</title>
<h2>Login</h2>
{% if form.errors %}
<p class="error">Sorry, thats not a valid username or password</p>
{% endif %}
<form action="/accounts/auth/" method="POST">{% csrf_token %}
<label for="username">Username: </label>
<br>
<input type="text" name="username" value="" id="username">
<br><br>
<label for="password">Password: </label>
<br>
<input type="password" name="password" value="" id="password">
<br><br>
<input type="submit" value="Login">
</form>
{% endblock content %}
回答1:
For security purposes, the CSRF token is changed ('rotated') when you log in. If you open a page in Tab A, then log in on Tab B, then attempt to submit the form in Tab A, you will get a CSRF error, because the CSRF token in Tab A is out of date.
When you refresh Tab A, a new CSRF token is loaded, and the errors will stop.
来源:https://stackoverflow.com/questions/33882819/csrf-token-missing-or-invalid-django