Django Login App Returning 403 Forbidden, CSRF Issues


I'm using a tutorial to try out creating a Django login application (super simple stuff...).

This is the code I end up with in the template (index.html):

    <div id="login-box">
        {{ state }}
        <form class="login-widgets" action="/login/" method="post">
            {% if next %}
            <input class="login-widgets-text" type="hidden" name="next" value="{{ next }}" />
            {% endif %}
            username :
            <input class="login-widgets-text" type="text" name="username" value="{{ username }}" /><br />
            password :
            <input type="password" name="password" value="" /><br />
            <input class="login-button" type="submit" value="log in" />
        </form>
        <!--<div class="login-widgets">
            <p>username : ___________</p>
            <p>password : ___________</p>
        </div>-->
    </div>

And the tutorial told me to add this to the app's views.py page:

    from django.contrib.auth import authenticate, login
    from django.shortcuts import render_to_response


    def login_user(request):
        state = "please log in below..."
        username = password = ''
        # Only attempt authentication when the form was submitted.
        if request.POST:
            username = request.POST.get('username')
            password = request.POST.get('password')

            # authenticate() returns None when the credentials do not match.
            user = authenticate(username=username, password=password)
            if user is not None:
                if user.is_active:
                    login(request, user)
                    state = "you're logged in!"
                else:
                    state = "your account not active, please contact site admin."
            else:
                state = "your username and/or password incorrect."

        return render_to_response('index.html', {'state': state, 'username': username})

I set up a test database as described in the tutorial and in the Django docs, but my login still keeps getting this error in the browser:

    Forbidden (403)
    CSRF verification failed. Request aborted.

I don't understand what it means by CSRF verification - in settings.py I have set MIDDLEWARE_CLASSES to the following:

    MIDDLEWARE_CLASSES = (
        'django.middleware.common.CommonMiddleware',
        'django.contrib.sessions.middleware.SessionMiddleware',
        'django.middleware.csrf.CsrfViewMiddleware',
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.messages.middleware.MessageMiddleware',
        # Uncomment the next line for simple clickjacking protection:
        # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
    )

But I'm not sure how to verify CSRF and authenticate the login. As far as I know, the database has a super user, and the code above looks correct, except I don't know how to add the CSRF verification. Thank you for your help!

Add {% csrf_token %} inside the form. It is replaced by a hidden input with the key.

Step by step documentation.

Concept explanation.
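To show why the missing tag produces the 403, here is an added example (not code from the original post or from Django itself): a standard-library model of the check, where the token in the `csrftoken` cookie must match the `csrfmiddlewaretoken` hidden input that `{% csrf_token %}` renders. The function names, sample username and reason strings are this example's own, and Django's token masking is left out.

```python
import hmac
import secrets
from html import escape
from html.parser import HTMLParser

CSRF_COOKIE = "csrftoken"            # Django's default CSRF cookie name
CSRF_FIELD = "csrfmiddlewaretoken"   # name of the hidden input the tag renders


def new_token():
    return secrets.token_urlsafe(32)


def render_form(token, with_csrf_tag):
    """Render the login form; with_csrf_tag models adding {% csrf_token %}."""
    hidden = ""
    if with_csrf_tag:
        hidden = '<input type="hidden" name="%s" value="%s" />' % (
            CSRF_FIELD, escape(token, quote=True))
    return ('<form action="/login/" method="post">' + hidden +
            '<input type="text" name="username" value="alice" />'  # constructed
            '<input type="password" name="password" value="" />'
            '<input type="submit" value="log in" /></form>')


class _Inputs(HTMLParser):
    """Collect named <input> fields the way a browser builds the POST body."""
    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def submit(html):
    """Return the form fields a browser would POST for this markup."""
    parser = _Inputs()
    parser.feed(html)
    return parser.fields


def check_post(cookies, form):
    """Simplified model of the middleware's decision for a POST request."""
    cookie = cookies.get(CSRF_COOKIE, "")
    field = form.get(CSRF_FIELD, "")
    if not cookie:
        return 403, "CSRF cookie not set."
    if not field:
        return 403, "CSRF token missing."
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(cookie.encode(), field.encode()):
        return 403, "CSRF token incorrect."
    return 200, "OK"
```

In the Django version used in the question, the tag only emits the hidden input when the template is rendered with a `RequestContext`, for example through `render(request, 'index.html', {...})`; a plain `render_to_response('index.html', {...})` call leaves it empty.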

