Hey Dev Community!
I'm working on a Django-based web application for a university research study that explores passphrases across different languages. I've built most of the core functionality, but I've hit a blocker I can't seem to solve and could use your help.
Project Background
This is a user study platform (academic) where participants:
- Log in or sign up
- Consent to a study
- Complete a series of language-based passphrase tasks
We use Django 5.2.1, and the app has:
- Allauth (for auth, but only the backend currently)
- Custom user flow
- Consent form
- Task-based progression (task1 → task2, etc.)
Problem I'm Facing
After logging in (especially in a fresh or different browser), when the user clicks "Start the Study", they hit this:
403 Forbidden: CSRF verification failed. Request aborted.
Despite having:
- `{% csrf_token %}` in the form
- `CsrfViewMiddleware` active
- Proper `CSRF_TRUSTED_ORIGINS` and `ALLOWED_HOSTS`
- Cookies confirmed in the browser
- `get_token(request)` and `@csrf_protect` used
Still, the form POST fails on that "Start the Study" step.
What Works
- Viewing the home page after login also works.
- Form displays the token correctly.
- CSRF cookie is generated.
- If I refresh or re-login, it sometimes works; it's inconsistent.
What I Think Might Help
- Guidance on how to persist the CSRF token between views properly?
- Is `get_token(request)` necessary in views?
- Anything to check in my session/cookie setup?
Project Info
- Python 3.11 / Django 5.2.1
- SQLite (for now)
- Hosted locally (localhost:8000)
- CSRF Cookie: Lax, Secure = False (for dev)
- CSRF token is present in the form
Want to Help?
If you're interested in helping me wrap this up:
- I am happy to discuss more via comments here!
Thank you in advance! This is part of a real academic research study, so your contribution has meaningful impact!

P.S.: If you've solved a similar issue before, please drop some wisdom! I've debugged it for hours and feel close… but not quite there.
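To make the failure above easier to reason about, here is an added example (not part of the post, and not Django's own code) that models in plain Python the two checks `CsrfViewMiddleware` runs on a POST: the `Origin` header must match the site's own origin or an entry of `CSRF_TRUSTED_ORIGINS`, and the `csrfmiddlewaretoken` field must unmask to the same 32-character secret stored in the `csrftoken` cookie. The masking scheme (64-character token = 32-character random mask + the secret shifted by that mask over a 62-character alphabet) follows Django's documented token format but is an approximation written for illustration; the request dictionaries, `localhost:8000` origin and the `check_post`/`demo` helpers are constructed for this example. The second scenario in `demo` shows why a form rendered against one browser's cookie is rejected when submitted with a different cookie, which is the "fresh or different browser" symptom described in the post.

```python
"""Plain-Python model of Django's CSRF verification (added example; an
approximation of the middleware's logic, not the framework's source)."""
import hmac
import secrets
import string
from urllib.parse import urlsplit

ALLOWED_CHARS = string.ascii_letters + string.digits  # 62-symbol alphabet
SECRET_LENGTH = 32   # length of the value kept in the csrftoken cookie
TOKEN_LENGTH = 64    # length of the value rendered by {% csrf_token %}


def new_secret() -> str:
    """Random secret, the value Django stores in the csrftoken cookie."""
    return "".join(secrets.choice(ALLOWED_CHARS) for _ in range(SECRET_LENGTH))


def mask_secret(secret: str) -> str:
    """Form token: a fresh random mask followed by the secret shifted by the
    mask, so the rendered value changes on every page load while still
    unmasking to the same cookie secret."""
    mask = new_secret()
    pairs = zip((ALLOWED_CHARS.index(c) for c in secret),
                (ALLOWED_CHARS.index(c) for c in mask))
    cipher = "".join(ALLOWED_CHARS[(s + m) % len(ALLOWED_CHARS)] for s, m in pairs)
    return mask + cipher


def unmask_token(token: str) -> str:
    """Inverse of mask_secret: recover the secret from a 64-char form token."""
    mask, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    pairs = zip((ALLOWED_CHARS.index(c) for c in cipher),
                (ALLOWED_CHARS.index(c) for c in mask))
    return "".join(ALLOWED_CHARS[(c - m) % len(ALLOWED_CHARS)] for c, m in pairs)


def token_matches(form_token: str, cookie_secret: str) -> bool:
    """Accept a masked (64) or unmasked (32) token; compare in constant time."""
    if any(c not in ALLOWED_CHARS for c in form_token):
        return False
    if len(form_token) == TOKEN_LENGTH:
        form_token = unmask_token(form_token)
    elif len(form_token) != SECRET_LENGTH:
        return False
    return hmac.compare_digest(form_token, cookie_secret)


def origin_allowed(origin: str, site_origin: str, trusted_origins=()) -> bool:
    """Origin must equal scheme://host[:port] of the site itself or one of
    CSRF_TRUSTED_ORIGINS (exact matches only; Django's wildcard-subdomain
    support is omitted from this model)."""
    o = urlsplit(origin)
    for candidate in (site_origin, *trusted_origins):
        t = urlsplit(candidate)
        if (o.scheme, o.netloc) == (t.scheme, t.netloc):
            return True
    return False


def check_post(request: dict, trusted_origins=()) -> str:
    """Return 'ok' or the reason the middleware would answer 403.
    request = {'site_origin', 'headers', 'cookies', 'post'} (constructed shape)."""
    headers = request["headers"]
    if "Origin" in headers and not origin_allowed(
            headers["Origin"], request["site_origin"], trusted_origins):
        return "origin not allowed"
    secret = request["cookies"].get("csrftoken")
    if secret is None or len(secret) != SECRET_LENGTH \
            or any(c not in ALLOWED_CHARS for c in secret):
        return "csrf cookie missing or malformed"
    if not token_matches(request["post"].get("csrfmiddlewaretoken", ""), secret):
        return "csrf token mismatch"
    return "ok"


def build_request(cookie_secret: str, form_token: str) -> dict:
    """Constructed 'Start the Study' POST as the dev server would see it."""
    return {
        "site_origin": "http://localhost:8000",
        "headers": {"Host": "localhost:8000", "Origin": "http://localhost:8000"},
        "cookies": {"csrftoken": cookie_secret},
        "post": {"csrfmiddlewaretoken": form_token, "consent": "yes"},
    }


def demo() -> tuple:
    """Scenario 1: token rendered against this browser's cookie -> ok.
    Scenario 2: token rendered against another browser's cookie -> mismatch."""
    browser_a, browser_b = new_secret(), new_secret()
    same_browser = check_post(build_request(browser_a, mask_secret(browser_a)))
    other_browser = check_post(build_request(browser_b, mask_secret(browser_a)))
    return same_browser, other_browser


if __name__ == "__main__":
    print(demo())  # ('ok', 'csrf token mismatch')
```

Running the model does not replace Django's own error page, but it shows which of the two branches a 403 can come from: `origin not allowed` points at `CSRF_TRUSTED_ORIGINS` or the scheme/port in the `Origin` header, while `csrf token mismatch` means the submitted field was rendered against a cookie other than the one the browser sent with the POST.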