On 2014-11-01 08:32, Zach Borboa wrote: > Rotating the CSRF token on every request is probably not a great > idea. Tokens will become invalidated when multiple tabs are open.
I've used sites that do this and it infuriates me to no limit. Unless absolutely mandated to use them for $JOB, it's a quick way to get me to abandon a site. -tkc -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20141101134515.0e3cb7df%40bigbox.christie.dr. For more options, visit https://groups.google.com/d/optout.
