Flask-KVSession seems to be having issues with CSRF protection token generation. It seems that it doesn't get stored or rather, "disappears" from the storage occasionally. It's very inconsistent whether I can get it to replicant or not but usually an easy way is to open two different browsers and trying to login to both using different but valid credentials.
How I initialize flask-kvsession
@create_app
store = MemcacheStore(mc=pylibmc.Client(app.config['MEMCACHE_SERVERS'], binary=True,
behaviors={'distribution': 'consistent'})
)
KVSessionExtension(store, app)
How csrf token is being generated
def generate_csrf_token():
if '_csrf_token' not in session:
session['_csrf_token'] = randomstring()
app.logger.debug("Generating a CSRF token")
app.logger.debug(session['_csrf_token'])
return session['_csrf_token']
I see that it actually stores it but then when the application goes to try and verify it, it doesn't work and says that session['_csrf_token'] doesn't exist. Any ideas?
Flask-KVSession seems to be having issues with CSRF protection token generation. It seems that it doesn't get stored or rather, "disappears" from the storage occasionally. It's very inconsistent whether I can get it to replicant or not but usually an easy way is to open two different browsers and trying to login to both using different but valid credentials.
How I initialize flask-kvsession
How csrf token is being generated
I see that it actually stores it but then when the application goes to try and verify it, it doesn't work and says that session['_csrf_token'] doesn't exist. Any ideas?