Can we change CSRF token per-form request or even per-request instead of same token for one active session?
Question:
Answer 1:
In the csrf middleware they do something like this, which overwrites the cookie set:
    request.META["CSRF_COOKIE"] = _get_new_csrf_key()
You can import _get_new_csrf_key() via
    from django.middleware.csrf import _get_new_csrf_key
Since it is kind of a private method, I would advise against some hacks like this though.
Answer 2:
Assuming that you have access to the request object:
    from django.middleware.csrf import rotate_token
    rotate_token(request)
Answer 3:
And if you want to use it in a middleware:
    from django.middleware.csrf import rotate_token

    class CSRFRefresh(object):
        def process_response(self, request, response):
            # Replace the CSRF token on every response
            rotate_token(request)
            return response
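
An added example, not part of any answer above and not Django's own code: a stand-alone model of the two mechanisms behind the question, per-render masking of one secret versus replacing the secret (the effect of rotate_token). All function names are hypothetical, and the masking arithmetic is modelled on what Django's CSRF middleware has done since 1.10.

```python
import hmac
import secrets
import string

CHARS = string.ascii_letters + string.digits  # 62-symbol alphabet
SECRET_LEN = 32


def new_secret():
    """Fresh random secret: the value that rotation replaces in the cookie."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LEN))


def mask(secret):
    """Per-render form token: a random mask followed by the secret shifted by it."""
    m = new_secret()
    shifted = "".join(CHARS[(CHARS.index(s) + CHARS.index(k)) % len(CHARS)]
                      for s, k in zip(secret, m))
    return m + shifted


def unmask(token):
    """Recover the secret from a form token; None if the token is malformed."""
    if len(token) != 2 * SECRET_LEN or any(c not in CHARS for c in token):
        return None
    m, shifted = token[:SECRET_LEN], token[SECRET_LEN:]
    return "".join(CHARS[(CHARS.index(c) - CHARS.index(k)) % len(CHARS)]
                   for c, k in zip(shifted, m))


def token_valid(cookie_secret, form_token):
    """Server-side check: constant-time compare of unmasked token and cookie."""
    recovered = unmask(form_token)
    return recovered is not None and hmac.compare_digest(recovered, cookie_secret)


def demo():
    cookie = new_secret()                        # constructed session secret
    form_a, form_b = mask(cookie), mask(cookie)  # two renders of the same form
    before = (form_a != form_b, token_valid(cookie, form_a), token_valid(cookie, form_b))
    cookie = new_secret()                        # models the effect of rotate_token(request)
    after = (token_valid(cookie, form_a), token_valid(cookie, mask(cookie)))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Every render already yields a different form token while the secret stays fixed; once the secret is replaced, forms rendered earlier (other tabs, or a page built before the rotation) stop validating.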