madprops

Reputation: 4023

Renew CSRF_TOKEN

I have an application and I want the user to be able to change the password, while staying logged in.

I'm doing this:

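# auth_login is assumed to be Django's login(), imported under this alias
from django.contrib.auth import login as auth_login

# inside the view
request.user.set_password(password)
request.user.save()
request.user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_login(request, request.user)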

It changes the password and I log in again to keep the user session. But apparently if I do this the CSRF_TOKEN which I have saved in my js client as a variable is no longer valid and I can't use it for POST requests.

Is there a way to renew the CSRF_TOKEN and send it to the client?

Upvotes: 0

Views: 239

Answers (1)

dotcomly

Reputation: 2214

From the view, you can get the token with this:

from django.core.context_processors import csrf
print unicode(csrf(request)['csrf_token'])

As far as how to update your js client I would need more details about it before giving good advice. I imagine it would be as simple as returning the new token from the login request. I imagine your login is ajax so you could return the new token in the response and write some JS to update your stored token:

import json
from django.http import HttpResponse
# inside the view, after the login call
return HttpResponse(json.dumps({"csrf_token": unicode(csrf(request)['csrf_token'])}), content_type="application/json")

Upvotes: 2
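The client half of the approach in the answer (return the new token in the response, update the stored token in JS), as an added example that is not code from either poster. `CsrfClient`, the endpoint paths and the fake server are hypothetical names constructed for the demo; `X-CSRFToken` is Django's default CSRF header name.

```javascript
// Added example: client-side holder for a rotating Django CSRF token.
// Assumptions: endpoint paths and the fake server are constructed for the demo.
class CsrfClient {
  constructor(initialToken, fetchImpl) {
    this.token = initialToken;  // token the page was loaded with
    this.fetchImpl = fetchImpl; // window.fetch in a browser
  }
  // Adopt a rotated token if the server sent one; ignore malformed values.
  absorb(payload) {
    const t = payload && payload.csrf_token;
    if (typeof t === "string" && t.length > 0) this.token = t;
    return this.token;
  }
  async post(url, data) {
    const res = await this.fetchImpl(url, {
      method: "POST",
      credentials: "same-origin", // session cookie is sent to our own origin only
      headers: { "Content-Type": "application/json", "X-CSRFToken": this.token },
      body: JSON.stringify(data),
    });
    const type = res.headers.get("content-type") || "";
    if (res.ok && type.includes("application/json")) this.absorb(await res.json());
    return res.status;
  }
}

// Constructed stand-in for the server: 403 on a stale token; the
// password-change endpoint rotates the token and returns the new one.
function makeFakeServer(startToken) {
  let current = startToken, n = 0;
  const reply = (status, body) => ({
    ok: status < 400, status, json: async () => body,
    headers: { get: () => "application/json" },
  });
  return async (url, opts) => {
    if (opts.headers["X-CSRFToken"] !== current) return reply(403, {});
    if (url !== "/change-password/") return reply(200, {});
    current = "rotated-" + (++n);
    return reply(200, { csrf_token: current });
  };
}

// Full flow: resolves to [200, 200, 403] (a stale token is rejected).
async function demo() {
  const server = makeFakeServer("initial-token");
  const client = new CsrfClient("initial-token", server);
  const changed = await client.post("/change-password/", { password: "constructed" });
  const next = await client.post("/api/items/", { name: "x" });
  const stale = await new CsrfClient("initial-token", server).post("/api/items/", {});
  return [changed, next, stale];
}
```

Keeping the token in one object that every POST goes through means a rotation after login is picked up without a page reload, and any other tab still holding the old token gets a 403 rather than a silently accepted request.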
