Django: Generate new CSRF token per request/form

Question

Can we change CSRF token per-form request or even per-request instead of same token for one active session?

Answer 1

And if you want to use it in a middleware:

from django.middleware.csrf import rotate_token

class CSRFRefresh(object):
    def process_response(self, request, response):
        rotate_token(request)
        return response

Answer 2

Assuming that you have access to the request object:

from django.middleware.csrf import rotate_token
rotate_token(request)

Answer 3

In the csrf middleware they do something like this, which overwrites the cookie set:

request.META["CSRF_COOKIE"] = _get_new_csrf_key()

You can import _get_new_csrf_key() via from django.middleware.csrf import _get_new_csrf_key(). Since is kind of a private method I would advise against some hacks like this though.