Increase Django CSRF tocken longevity
I get lots of Django CSRF errors due to timeout.
In normal operations, the form submissions are OK. But, if I leave the page for a few hours and then submit it, it will fails with the
Forbidden (403)
CSRF verification failed. Request aborted
screen. To overcome this issue, I added the following line to the settings.py :
SESSION_COOKIE_AGE = 604800 # one week
But a few hours leading to timeout means that this line has had no effect. I need CSRF tokens longevity be increased to a few days rather than minutes.
How to achieve this?
Theory
CSRF_COOKIE_AGE¶ Default: 31449600 (approximately 1 year, in seconds)
The age of CSRF cookies, in seconds.
The reason for setting a long-lived expiration time is to avoid problems in the case of a user closing a browser or bookmarking a page and then loading that page from a browser cache. Without persistent cookies, the form submission would fail in this case.
Some browsers (specifically Internet Explorer) can disallow the use of persistent cookies or can have the indexes to the cookie jar corrupted on disk, thereby causing CSRF protection checks to (sometimes intermittently) fail. Change this setting to None to use session-based CSRF cookies, which keep the cookies in-memory instead of on persistent storage.
To increase the longevity of CSRF tokens in Django, you need to modify the CSRF token cookie settings. By default, Django sets the CSRF token cookie to expire when the user's session ends. However, you can extend the expiration time by configuring the CSRF_COOKIE_AGE setting in your
settings.py file.
CSRF_COOKIE_AGE = 604800 # 1 week in seconds
- In django, is there a way to directly annotate a query with a related object in single query?
- django modify FormView fields before form validation
- Django - CreateView - Send a custom Error Message if model form is not valid
- The difference between <str:slug> and <slug:slug> in urls.py of Django application
- django db with ssh tunnel
- How to order migration files across different apps in django?
- How to print a model object properly in Django?
- Django is unable to send email out even though conf is correct
- Restricting access to static files in Django/Nginx
- task receive but doesn't excute
- Caching at QuerySet level in Django
- Django: url transition doesn't work, how to fix it?
- Django django.contrib.messages add new constant messages.NOTICE
- Django Form Field validation
- docker tmpfs seems to have no effect on postgresql
- Why is Django migrate command not creating tables in database for specific app?
- Django subquery with static VALUES expression
- APIClient headers for testing
- Trying to filter "managers" field to only show managers in the currently logged in user's department
- Is Django many to many really necessary?
- why does self.<FileField_field>.path of an instance of a django model does not match the path where the file was actually uploaded
- How do I get old value and new value in pre_save function in Django?
- Django with redis is caching all pages
- Unable to form ORM queryset in Django
- Mypy: properly typing a Django mixin class when accessing a method on super()
- How do I update my code to have login and signup on the same page in django?
- Django-notifications won't sync
- Password field in Signup/Login form not appearing properly | Django | HTML | Bootstrap
- Django - Form not valid but no error
- How to assign a value to a variable in a Django template?