When I deploy my app on the server, the first time I can log in without problems. But when I log out I get "403 Forbidden" on the logout POST request. Then I cannot log in success
After certain events like login, logout, the CSRF token changes. So, the next POST request would fail, as in your case. I faced the same issue, and after some diagnosis, found that sending another GET request following login, logout etc. would be the best way to tackle it. (If you are not using CORS, you may as well have the login, logout send a redirect response). See this Stack Overflow post for more details.
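
The failure and the fix described in the answer above, as an added example that is not part of the original posts. It assumes a constructed in-memory server (the hypothetical `FakeServer`, not any framework's API) that rotates its CSRF token on login and logout, and a client that either keeps its cached token or sends a follow-up GET after each of those requests.

```javascript
// Constructed stand-in for a server that rotates the CSRF token on
// login and logout. All names here are hypothetical.
class FakeServer {
  constructor() {
    this.counter = 0;
    this.user = null;
    this.rotate();
  }
  // A real server draws the token from a CSPRNG; a counter keeps the demo deterministic.
  rotate() { this.token = `csrf-${++this.counter}`; }
  // Any GET hands the client the token that is currently valid.
  get() { return { status: 200, csrf: this.token }; }
  post(path, sentToken) {
    if (sentToken !== this.token) return { status: 403 }; // stale or missing token
    if (path === "/login") { this.user = "alice"; this.rotate(); }
    if (path === "/logout") { this.user = null; this.rotate(); }
    return { status: 200 };
  }
}

class Client {
  constructor(server, refreshAfterAuth) {
    this.server = server;
    this.refreshAfterAuth = refreshAfterAuth;
    this.csrf = null;
  }
  fetchToken() { this.csrf = this.server.get().csrf; }
  post(path) {
    const res = this.server.post(path, this.csrf);
    const authChange = path === "/login" || path === "/logout";
    // The fix: after a successful login or logout, GET again to pick up the new token.
    if (this.refreshAfterAuth && authChange && res.status === 200) this.fetchToken();
    return res.status;
  }
}

// Replays the sequence from the question: log in, log out, log in again.
function runSession(refreshAfterAuth) {
  const client = new Client(new FakeServer(), refreshAfterAuth);
  client.fetchToken(); // initial page load
  return ["/login", "/logout", "/login"].map((path) => client.post(path));
}

console.log("cached token only:", runSession(false));
console.log("GET after login/logout:", runSession(true));
```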