When I deploy my app on the server, the first time I can log in without problems. But when I log out I get "403 Forbidden" on the logout POST request. Then I cannot log in success
After certain events like login or logout, the CSRF token changes. So, the next POST request would fail, as in your case. I faced the same issue, and after some diagnosis, found that sending another GET request following login, logout, etc. would be the best way to tackle it. (If you are not using CORS, you may as well have the login and logout send a redirect response.) See this Stack Overflow post for more details.
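
The failure and the fix described in this answer, as an added example that is not part of the original post: an in-memory model of a server that rotates its CSRF token on login and logout, driven by a client with and without the follow-up GET. `FakeServer`, `Client`, the paths and the counter-based token are constructed for illustration and do not come from any framework.

```javascript
// Constructed model: the server keeps one CSRF token per session and
// replaces it whenever the authentication state changes.
class FakeServer {
  constructor() { this.n = 0; this.token = this.newToken(); this.user = null; }
  // Stand-in for a random token; a real server uses a CSPRNG.
  newToken() { return 'csrf-' + (++this.n); }
  // Safe method: no token check, always exposes the current token.
  get() { return { status: 200, csrf: this.token }; }
  // State-changing method: a missing or stale token is rejected with 403.
  post(path, csrf) {
    if (csrf !== this.token) return { status: 403 };
    const authChange = path === '/login' || path === '/logout';
    if (path === '/login') this.user = 'alice';
    if (path === '/logout') this.user = null;
    // Rotation happens here; the POST response does not carry the new token.
    if (authChange) this.token = this.newToken();
    return { status: 200 };
  }
}

class Client {
  constructor(server, refreshAfterAuth) {
    this.server = server;
    this.refreshAfterAuth = refreshAfterAuth;
    this.csrf = server.get().csrf; // token picked up on initial page load
  }
  post(path) {
    const res = this.server.post(path, this.csrf);
    const authChange = path === '/login' || path === '/logout';
    // The fix: a follow-up GET after login/logout picks up the rotated token.
    if (res.status === 200 && authChange && this.refreshAfterAuth) {
      this.csrf = this.server.get().csrf;
    }
    return res.status;
  }
}

// Replays the sequence from the question: login, logout, login again.
function run(refreshAfterAuth) {
  const client = new Client(new FakeServer(), refreshAfterAuth);
  return [client.post('/login'), client.post('/logout'), client.post('/login')];
}

console.log('without follow-up GET:', run(false));
console.log('with follow-up GET   :', run(true));
```

Without the refresh, the client keeps sending the pre-login token, so every POST after the first login is rejected until a GET fetches the current one.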