Hey Dev Community! 👋
I’m working on a Django-based web application for a university research study that explores passphrases across different languages. I’ve built most of the core functionality, but I’ve hit a blocker I can’t seem to solve and could use your help.
🧠 Project Background
This is a user study platform (academic) where participants:
- Log in or sign up
- Consent to a study
- Complete a series of language-based passphrase tasks
We use Django 5.2.1, and the app has:
- Allauth (for auth, but only the backend currently)
- Custom user flow
- Consent form
- Task-based progression (task1 → task2, etc.)
❗ Problem I’m Facing
After logging in (especially in a fresh or different browser), when the user clicks “Start the Study”, they hit this:
403 Forbidden: CSRF verification failed. Request aborted.
Despite having:
- `{% csrf_token %}` in the form
- `CsrfViewMiddleware` active
- Proper `CSRF_TRUSTED_ORIGINS` and `ALLOWED_HOSTS`
- Cookies confirmed in the browser
- `get_token(request)` and `@csrf_protect` used
Still, the form POST fails on that “Start the Study” step.
✅ What Works
- Viewing the home page after login also works.
- Form displays the token correctly.
- CSRF cookie is generated.
- If I refresh or re-login, it sometimes works — it’s inconsistent.
💡 What I Think Might Help
- Guidance on how to persist the CSRF token between views properly?
- Is `get_token(request)` necessary in views?
- Anything to check in my session/cookie setup?
🔗 Project Info
- Python 3.11 / Django 5.2.1
- SQLite (for now)
- Hosted locally (localhost:8000)
- CSRF Cookie: Lax, Secure = False (for dev)
- CSRF token is present in the form
📂 Want to Help?
If you’re interested in helping me wrap this up:
- I am happy to discuss more via comments here!
Thank you in advance 🙏 — this is part of a real academic research study, so your contribution has meaningful impact!
—
P.S.: If you’ve solved a similar issue before, please drop some wisdom! I’ve debugged it for hours and feel close… but not quite there.
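An added example (not code from the post or from Django itself) that reproduces the check behind the `CSRF verification failed` response described above: Django's `CsrfViewMiddleware` keeps a 32-character secret in the `csrftoken` cookie, renders each `{% csrf_token %}` as that secret under a fresh random mask, then unmasks the submitted `csrfmiddlewaretoken` and compares it with the cookie secret in constant time. Since Django rotates the secret when `login()` runs, a form rendered before login carries a token for the old secret; `stale_token_after_login()` shows that case with constructed values, and `token_matches()` lets you check a cookie/token pair copied from the browser.

```python
import hmm_placeholder  # noqa: F401 (removed below)
```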