Ask Your Question

Create Admin User Error - "CSRF verification failed. Request aborted."

asked 2011-12-06 01:02:48 -0500

william's avatar

updated 2011-12-06 08:26:56 -0500

Evgeny's avatar

I have installed a version of Askbot on my local machine (Mac OSX). It works fine, except that it won't let me lot into the admin at all, so I cannot create an admin user.

I get the message "CSRF verification failed. Request aborted." when I try to log into admin/create a user profile.

I see previous threads suggest this is due to to mis-configuration of CSRF_COOKIE_DOMAIN in I have set this to 'localhost' -- this obviously is not working.

A separate thread on Django suggested I solve the problem by adding two lines to Middleware section -- this did not work either:

'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

Any suggestions for me?

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2011-12-06 07:21:49 -0500

Evgeny's avatar

Please put instead an IP address - the 'localhost' value won't work.

Usually you get '' as the localhost IP address.

edit flag offensive delete link more


I have the same problem. I tried the localhost IP address, but the CSRF error persists. I also tried the ip that my internet provider gives me (dynamic), but no dice.

quesada's avatar quesada  ( 2011-12-11 21:14:16 -0500 )edit

For example, you should have: CSRF_COOKIE_DOMAIN = '', without the http:// prefix and without the port number, what is in your file? Of course you need to have either the real IP address or host name, if the host is remote, but for the local host the should work.

Evgeny's avatar Evgeny  ( 2011-12-11 21:18:23 -0500 )edit

CSRF_COOKIE_DOMAIN = ''is exactly what I have, but I still get thes CSRF error when a form button is pressed.

quesada's avatar quesada  ( 2011-12-12 13:57:45 -0500 )edit

Is that your local computer or a remote server?

Evgeny's avatar Evgeny  ( 2011-12-12 14:01:55 -0500 )edit

This is a local computer. Maybe I can use the hosts file to redirect some domain name (say to localhost, and use such domain in the CSRF_ COOKIE _DOMAIN?

quesada's avatar quesada  ( 2011-12-12 15:48:31 -0500 )edit

answered 2012-03-13 10:39:59 -0500

oguma's avatar

updated 2012-03-13 10:53:08 -0500


CSRF_COOKIE_NAME = 'localhost_csrf'    

If your server is running at,
Empty string is the answer.


edit flag offensive delete link more


Revisiting an old issue: I was recently testing on G Chrome running on, and getting the "CSRF verification failed" error. Initially, I had /DOMAIN_NAME = 'localhost'/, so I switched to /DOMAIN_NAME = ''/ as you point out, and the error went away. But then I switched back to /DOMAIN_NAME = 'localhost'/, and the error is not there anymore on subsequent server runs. So somewhere it seems there is a bug/feature where DOMAIN_NAME = 'localhost', will not work initially, but will work if the cookie has been set earlier by using the blank domain name (?!).

Basel Shishani's avatar Basel Shishani  ( 2012-06-15 02:10:21 -0500 )edit

This solution worked for me.

Cerin's avatar Cerin  ( 2013-05-29 14:29:59 -0500 )edit

answered 2011-12-14 02:28:03 -0500

Basel Shishani's avatar

Sorry this is not an answer, but I can't add comments - probably not available for new users.

I'm having the exact same issue on Debian Squeeze. I get it when I follow 'Create a password-protected account' for creating the first (admin) account:

I Installed Askbot (and django) using pip. I tried both localhost and the ip style, and tried everything mentioned above:

  • added 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.csrf.CsrfResponseMiddleware',

  • 'django.core.context_processors.csrf' is there.

The CSRF token is there in the form, but I notice there are two of them - is that normal ?!

<form id="signin-form" method="post" action="/account/signin/"><div style='display:none;'>
<input type='hidden' id='csrfmiddlewaretoken' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
<div style='display:none'>
<input type='hidden' name='csrfmiddlewaretoken' value='0e488724a595cc9099ff83aa7ee2ac27' /></div>
edit flag offensive delete link more


You need to disable the middleware and leave only the context processor.

Evgeny's avatar Evgeny  ( 2011-12-14 06:16:40 -0500 )edit

Same story:Forbidden (403)

CSRF verification failed. Request aborted.

Basel Shishani's avatar Basel Shishani  ( 2011-12-15 10:35:17 -0500 )edit

Is this something I need to investigate at Django level? Askbot is not doing anything special with CSRF - right?!

Basel Shishani's avatar Basel Shishani  ( 2011-12-15 10:39:43 -0500 )edit

No, if you set up askbot following the instructions - it should work, and test with runserver first. The key is to set the CSRF_COOKIE_DOMAIN correctly. If you still have problems maybe you could let me log in to your server and check? You can also email me your file.

Evgeny's avatar Evgeny  ( 2011-12-15 10:49:16 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2011-12-06 01:02:48 -0500

Seen: 8,665 times

Last updated: Mar 13 '12