How to handle session and token based authentication simultaneously using middle ware in django?

Question

I want to use both token and session based authentication in my application with the priority of token. I have created two portal with the same URL one is using session and other is using token. So when session is available in cookie then token based request goes failed with "CSRF Token is missing" error message.

One solution I have in my mind using middle-ware where I can make priority to token. If both are available in request then custom middle-ware will remove session related stuffs and keep only token related information and proceed.

If anyone has solution available for this problem then please post in answer?

Thanks in advance.

Answer 1

In my case I have written custom middle-ware to handle the situation. 1. When I am login using API and api path is **/api/accounts/login**. So when request comes on this url then I am removing sessionid and csrftoken both.

When HTTP_AUTHORIZATION is available in request, I remove the session and csrftoken.

Using above two removal situation can be handled in my case.

Thanks to everyone for helping.!!

Answer 2

Django middleware execute in order according to the MIDDLEWARE_CLASSES tuple.

You'll want to ensure your Token based authentication middleware is located after AuthenticationMiddleware in MIDDLEWARE_CLASSES.

The docs describe this approach in the context of RemoteUserMiddleware.