On 2014-11-01 08:32, Zach Borboa wrote:
> Rotating the CSRF token on every request is probably not a great
> idea. Tokens will become invalidated when multiple tabs are open.
I've used sites that do this and it infuriates me to no limit.
Unless absolutely mandated to use them for $JOB, it's a quick way to
get me to abandon a site.
-tkc
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20141101134515.0e3cb7df%40bigbox.christie.dr.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment