Django: Generate new CSRF token per request/form

Question

Can we change CSRF token per-form request or even per-request instead of same token for one active session?

Answer 1

In the csrf middleware they do something like this, which overwrites the cookie set:

request.META["CSRF_COOKIE"] = _get_new_csrf_key()

You can import _get_new_csrf_key() via from django.middleware.csrf import _get_new_csrf_key(). Since is kind of a private method I would advise against some hacks like this though.