
CSRF token mismatch in Apache Flask due to session reset


This happens when you store your sessions with Flask-KVSession and hand it an in-memory DictStore as the backend:

from simplekv.memory import DictStore
from flask_kvsession import KVSessionExtension

store = DictStore()
KVSessionExtension(store, app)

Root cause

In a single-process deployment this works. Once the app is served by several worker processes (for example multiple mod_wsgi daemon processes under Apache, or several Gunicorn workers), the processes do not share memory, so each one creates its own DictStore instance. When two consecutive requests are served by two different processes, the session written by the first process is invisible to the second: the CSRF token stored while rendering the form cannot be found when the form is submitted, and the submission is rejected with a token mismatch.

Or, even shorter: two processes = two session stores = two CSRF tokens. Not good.

Solution

Use a storage backend that every worker process can reach. This is what I use:

import simplekv.memory
import simplekv.db.sql
import flask_kvsession

def configure_session(app):
    with app.app_context():
        if config['other']['local_debug']:
            # Single local development process: an in-memory store is fine here
            store = simplekv.memory.DictStore()
        else:
            # Shared 'sessions' table; engine and metadata are the app's own
            # SQLAlchemy Engine and MetaData objects (defined elsewhere in the app)
            store = simplekv.db.sql.SQLAlchemyStore(engine, metadata, 'sessions')
        # Attach session store
        flask_kvsession.KVSessionExtension(store, app)

Two things to keep in mind with a shared store: any backend that all workers can see will do (a database table, or a Redis store when the workers run on several hosts), and a persistent table keeps growing unless expired sessions are purged, so schedule the expired-session cleanup that Flask-KVSession provides.
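The root cause and the fix can be reproduced without a web server. The following is an added simulation written for this page, not code from the post or from Flask-KVSession: two Worker objects stand in for two WSGI processes, the hypothetical InMemorySessionStore mimics a per-process DictStore, and a small SQLite-backed store stands in for the shared SQLAlchemyStore table. The GET that renders the form (and stores the CSRF token in the session) is handled by one worker, the POST that validates the token by the other, which is what a load balancer or a multi-process WSGI server does.

```python
import contextlib
import os
import secrets
import sqlite3
import tempfile


class InMemorySessionStore:
    """Hypothetical stand-in for simplekv's DictStore: lives in one process only."""

    def __init__(self):
        self._data = {}

    def get(self, key):
        return self._data.get(key)

    def put(self, key, value):
        self._data[key] = value


class SQLiteSessionStore:
    """Hypothetical stand-in for SQLAlchemyStore: an on-disk table every worker can read."""

    def __init__(self, path):
        self._path = path
        with contextlib.closing(sqlite3.connect(path)) as conn, conn:
            conn.execute(
                "CREATE TABLE IF NOT EXISTS sessions (key TEXT PRIMARY KEY, value TEXT)"
            )

    def get(self, key):
        with contextlib.closing(sqlite3.connect(self._path)) as conn:
            row = conn.execute(
                "SELECT value FROM sessions WHERE key = ?", (key,)
            ).fetchone()
        return row[0] if row else None

    def put(self, key, value):
        with contextlib.closing(sqlite3.connect(self._path)) as conn, conn:
            conn.execute(
                "INSERT OR REPLACE INTO sessions (key, value) VALUES (?, ?)",
                (key, value),
            )


class Worker:
    """One WSGI worker process; each worker builds its own store instance, as a
    per-process DictStore would be created in each process."""

    def __init__(self, store_factory):
        self.store = store_factory()

    def render_form(self, session_id):
        # GET: mint a CSRF token and keep it in the server-side session
        token = secrets.token_hex(16)
        self.store.put(session_id, token)
        return token

    def handle_post(self, session_id, submitted_token):
        # POST: the token in the form must match the one in the session
        expected = self.store.get(session_id)
        return expected is not None and secrets.compare_digest(expected, submitted_token)


def simulate(store_factory, same_process=False):
    """Return True if the POST validates.  With same_process=False the GET and the
    POST are served by different workers, which is the multi-process case."""
    worker_a = Worker(store_factory)
    worker_b = worker_a if same_process else Worker(store_factory)
    session_id = "sess-" + secrets.token_hex(8)  # constructed session cookie value
    token = worker_a.render_form(session_id)
    return worker_b.handle_post(session_id, token)


def demo():
    """(single process + DictStore, two processes + DictStore, two processes + SQL)"""
    single_ok = simulate(InMemorySessionStore, same_process=True)
    in_memory_ok = simulate(InMemorySessionStore)
    db_path = os.path.join(tempfile.mkdtemp(), "sessions.db")
    persistent_ok = simulate(lambda: SQLiteSessionStore(db_path))
    return single_ok, in_memory_ok, persistent_ok


if __name__ == "__main__":
    print(demo())
```

The middle case is the bug from the post: the token exists, but only in the memory of the worker that issued it, so the validating worker sees no session at all. Swapping the store factory for the shared SQLite file is the whole fix; the request handling code does not change.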