Little fix in csrf for use a simple token in all session

paramecio/citoplasma/httputils.py

@@ -5,19 +5,24 @@ from bottle import request, response
 from paramecio.citoplasma.sessions import get_session
 from paramecio.citoplasma.keyutils import create_key_encrypt
 
+no_csrf=False
+change_csrf=False
+
 try:
 
     from settings import config
     
-    no_csrf=False
-    
     if hasattr(config, 'no_csrf'):
         no_csrf=config.no_csrf
 
+    if hasattr(config, 'change_csrf'):
+        change_csrf=config.change_csrf
+
 except:
 
     class config:
         no_csrf=False
+        change_csrf=True
 
 
 def filter_ajax(data, filter_tags=True):
@@ -91,15 +96,17 @@ class GetPostFiles:
                 
                 self.post['csrf_token']=self.post.get('csrf_token', '')
 
-                if self.post['csrf_token']!=s['csrf_token'] and self.post['csrf_token'].strip()!="":
+                if self.post['csrf_token']!=s['csrf_token'] or self.post['csrf_token'].strip()=="":
                     
                     raise NameError('Error: you need a valid csrf_token')
                 else:
                     #Clean csrf_token
                     
-                    del s['csrf_token']
+                    if change_csrf:
                     
-                    s.save()
+                        del s['csrf_token']
+                        
+                        s.save()
                     
 
             else:

paramecio/cromosoma/formsutils.py

@@ -103,8 +103,10 @@ def csrf_token(token_id='csrf_token'):
 def generate_csrf():
     
     s=get_session()
-    s['csrf_token']=create_key_encrypt()
-    s.save()
+    
+    if not 'csrf_token' in s:    
+        s['csrf_token']=create_key_encrypt()
+        s.save()
 
     return s['csrf_token']