[Fixed]-Django – CSRF token missing or incorrect


The code looks fine, Django 1.3 and 1.4 auth.views.login uses RequestContext correctly. Please check:

  • Firstly clear data of browser and try again
  • What’s the value of submitted csrfmiddlewaretoken
  • Do you import correct Django?
  • Just make sure, is there UserWarning in console like?: “A {% csrf_token %} was used in a template, but the context did not provide the value. This is usually caused by not using RequestContext.”


  1. For 1.3 and 1.4, “django.middleware.csrf.CsrfResponseMiddleware” should be named “django.middleware.csrf.CsrfViewMiddleware”
  2. Also, for me clearing Google Chrome’s cookies made it work.


I had similar issue where my app was deployed on HTTPS. I had to change setting flag CSRF_COOKIE_HTTPONLY to false so client server can access csrf cookie.


Clearing the Browser or Google Chrome cookies, I hope it will work.

Leave a comment