[Fixed]-Django: Generate new CSRF token per request/form

10👍

In the csrf middleware they do something like this, which overwrites the cookie set:

request.META["CSRF_COOKIE"] = _get_new_csrf_key()

You can import _get_new_csrf_key() via from django.middleware.csrf import _get_new_csrf_key. Since it is kind of a private method, I would advise against hacks like this though.

36👍

Assuming that you have access to the request object:

from django.middleware.csrf import rotate_token
rotate_token(request)

3👍

And if you want to use it in a middleware:

from django.middleware.csrf import rotate_token

class CSRFRefresh(object):
    def process_response(self, request, response):
        rotate_token(request)
        return response
