swsnu / swppfall2019


[HW3] Question about CSRF #170

Open GodDrinkTeJAVA opened 4 years ago

GodDrinkTeJAVA commented 4 years ago

Dear TA or anyone merciful enough to answer the question

I think I have implemented my Django app with careful consideration of CSRF. However, it seems the CSRF token doesn't change even when I send a GET /api/signout/ request and a POST /api/login/ request. Is this normal, or do I have a serious problem? Also, will the tests be run without CSRF except for test_csrf(self)?

If anyone knows the problem here, please answer these...

kyunggeunlee commented 4 years ago

Django rotates the CSRF token on user login for security reasons. https://docs.djangoproject.com/en/1.10/ref/csrf/#why-might-a-user-encounter-a-csrf-validation-failure-after-logging-in

If the CSRF token does not rotate after login, then it is likely that there is a bug in your code. This can also happen if you implemented your own custom login mechanism instead of using the login module provided by Django.


Django rotates the CSRF token every time a user logs in. https://docs.djangoproject.com/en/1.10/ref/csrf/#why-might-a-user-encounter-a-csrf-validation-failure-after-logging-in

If a new CSRF token is not issued even after logging in, there is a high chance that your implementation is wrong. It can also happen when you wrote a custom implementation instead of using the login module Django provides.