CSRF - logs in only the first time

Backend | Unresolved | 1 | 390
天涯浪人
天涯浪人 2021-01-24 10:27

When I deploy my app on the server, first time I can log in without problems. But when I log out I get "403 Forbidden" on the logout post request. Then I cannot log in success

1 answer
  •  醉梦人生
    2021-01-24 11:10

    After certain events like login, logout, the CSRF token changes. So, the next POST request would fail, as in your case. I faced the same issue, and after some diagnosis, found that sending another GET request following login, logout etc. would be the best way to tackle it. (If you are not using CORS, you may as well have the login, logout send a redirect response). See this Stack Overflow post for more details.

    0  Discussion (0)