Open mandarup opened 1 year ago
I have these settings:
REST_SESSION_LOGIN = True
REST_USE_JWT = True
JWT_AUTH_COOKIE = 'access_token'
JWT_AUTH_REFRESH_COOKIE = 'refresh_token'
LOGOUT_ON_PASSWORD_CHANGE = True
JWT_AUTH_COOKIE_USE_CSRF = True
JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED = True
JWT_AUTH_HTTPONLY = True
Then login @ /dj-rest-auth/login/; this adds four cookies: csrf, access, refresh, and sessionid
Then logout @ /dj-rest-auth/logout/
This fails with error:
CSRF Failed: CSRF token from the 'X-Csrftoken' HTTP header incorrect
But if I change the settings.py option:
REST_SESSION_LOGIN = False
Then I can log in and log out successfully. And as expected, it doesn't set the sessionid cookie.
Could you please help me understand what causes this behavior?