Question
I have two applications running on the same domain on different ports, both using csrf middleware.
When I log in to one of the applications, all POST submits from the other fail.
I presume this is because the SESSION_COOKIE_DOMAIN is the same.
I tried changing SESSION_COOKIE_NAME, however, the 'csrftoken' cookie is used in the form's POST request on both sites, no matter that there now is a new cookie with the name I specified.
When I post information with AJAX and get the csrf token from the cookie with the new name, it works; however, form submits fail with CSRF verification failed.
Answer 1:
The CSRF token cookie is named csrftoken by default, but you can control the cookie name via the CSRF_COOKIE_NAME setting. Docs.
Use a different CSRF cookie name for each app.
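Cookies are scoped by domain and path, not by port, so two apps on the same host share one cookie namespace. The following added example (not code from the question or the answer) uses Python's standard `http.cookiejar` as a stand-in for the browser to show the `csrftoken` collision and the effect of per-app names; the host name, token values and the `csrftoken_a`/`csrftoken_b` names are constructed for illustration.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar

# Constructed hosts: same domain, different ports, as in the question.
APP_A = "http://apps.example.test:8000/"
APP_B = "http://apps.example.test:8001/"


class FakeResponse:
    """Stand-in HTTP response; CookieJar only needs info() for the headers."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def visit(jar, url, set_cookie):
    """Store the cookie an app sets, as a browser would after a response."""
    jar.extract_cookies(FakeResponse(set_cookie), urllib.request.Request(url))


def cookies_sent_to(jar, url):
    """Return the cookies the client would attach to a request for url."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie", "")
    return dict(pair.split("=", 1) for pair in header.split("; ") if pair)


def simulate(name_a, name_b):
    """Each app sets its CSRF cookie; report what app A receives afterwards."""
    jar = CookieJar()
    visit(jar, APP_A, f"{name_a}=token-from-A; Path=/")
    visit(jar, APP_B, f"{name_b}=token-from-B; Path=/")
    return cookies_sent_to(jar, APP_A)


if __name__ == "__main__":
    # Default name in both apps: B's cookie replaces A's.
    print(simulate("csrftoken", "csrftoken"))
    # Hypothetical per-app settings.py values:
    #   app A: CSRF_COOKIE_NAME = "csrftoken_a"
    #   app B: CSRF_COOKIE_NAME = "csrftoken_b"
    print(simulate("csrftoken_a", "csrftoken_b"))
```

With distinct names both cookies are still sent to both ports; the separate names only stop one app from overwriting the other's token.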
Source: https://stackoverflow.com/questions/28902243/multiple-django-sites-on-the-same-domain-csrf-fails