About CSRF Tokens
CSRF tokens are based on a random secret value. When the CSRF token field value is validated, only the secret, not the full token, is compared with the secret in the cookie value or the session. This allows developers to use tokens that change for different requests, e.g. within each Ajax call.
However, it is important to note that each login invalidates previously valid CSRF tokens and their secrets. So if you log in through an API call, make sure to refresh the tokens in the main page.
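
The two points above, as an added example that is not part of the original post and is not Django's own code: a standalone model of a masked token that shows why differing tokens validate against one secret and why a token issued before login fails afterwards. The function names are hypothetical; the alphabet and the 32-character secret length follow Django's CSRF defaults.

```python
import hmac
import secrets
import string

CHARS = string.ascii_letters + string.digits  # alphabet, as in Django's CSRF code
SECRET_LENGTH = 32                            # secret length, as in Django


def new_secret():
    """Random secret, as kept in the CSRF cookie or the session."""
    return "".join(secrets.choice(CHARS) for _ in range(SECRET_LENGTH))


def mask_secret(secret):
    """Return mask + cipher: a token that differs on every call."""
    mask = new_secret()
    cipher = "".join(
        CHARS[(CHARS.index(s) + CHARS.index(m)) % len(CHARS)]
        for s, m in zip(secret, mask)
    )
    return mask + cipher


def unmask_token(token):
    """Recover the secret from a masked token."""
    mask, cipher = token[:SECRET_LENGTH], token[SECRET_LENGTH:]
    return "".join(
        CHARS[(CHARS.index(c) - CHARS.index(m)) % len(CHARS)]
        for c, m in zip(cipher, mask)
    )


def token_is_valid(token, stored_secret):
    if len(token) != 2 * SECRET_LENGTH or any(ch not in CHARS for ch in token):
        return False
    # Only the unmasked secret is compared, in constant time.
    return hmac.compare_digest(unmask_token(token), stored_secret)


def demo():
    secret = new_secret()             # constructed sample secret
    page_token, ajax_token = mask_secret(secret), mask_secret(secret)
    both_valid = all(token_is_valid(t, secret) for t in (page_token, ajax_token))
    rotated = new_secret()            # a login replaces the secret
    stale_valid = token_is_valid(page_token, rotated)
    fresh_valid = token_is_valid(mask_secret(rotated), rotated)
    return page_token != ajax_token, both_valid, stale_valid, fresh_valid


if __name__ == "__main__":
    print(demo())
```

The third value returned by demo() is the failure mode from the paragraph above: the token still sitting in the main page no longer matches once the login has replaced the secret.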