python Requests login to website returns 403

I'm trying to use requests to login to a website but as you can guess I'm having a problem

here's the the code that I'm using

import requests

EMAIL = '***'
PASSWORD = '***'
URL = ''

client = requests.session(config={'verbose': sys.stderr})
login_data = {'username': EMAIL, 'password': PASSWORD,}
r =, data=login_data, headers={"Referer": "foo"})
print r

and if I print out r.text I get

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
<html lang="en">
<head>
<html lang="en">
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="robots" content="NONE,NOARCHIVE">
  <title>403 Forbidden</title>
<div id="summary">
  <p>CSRF verification failed. Request aborted.</p>
  <p><small>More information is available with DEBUG=True.</small></p>


<div id="explanation">
  <p><small>More information is available with DEBUG=True.</small></p>

They're using a combination of django and pyramid.

I've been playing around with this for about two days now but, obviously, have gotten nowhere. Thanks for your help.


  • The login page uses a CSRF token to prevent cross-site scripting attacks. You'll need to retrieve that token first.

    The login page sets a cookie with the same token, we need to load the login page and grab that token first, before we pass this on to the login POST:

    client = requests.session()
    # Retrieve the CSRF token first
    client.get(URL)  # sets the cookie
    csrftoken = client.cookies['csrftoken']
    login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken)
    r =, data=login_data, headers={"Referer": "foo"})