
Multiple Django sites on the same domain - CSRF fails

I have two applications running on the same domain on different ports, both using csrf middleware.

When I log in to one of the applications, all POST submits from the other fail.
I presume because the SESSION_COOKIE_DOMAIN is the same.

I tried changing SESSION_COOKIE_NAME; however, the 'csrftoken' cookie is used in the form's POST request on both sites, no matter that there is now a new cookie with the name I specified.

When I post information with AJAX and get the csrf token from the cookie with the new name - it works, however, form submits fail with CSRF verification failed.

Diko Parvanov asked Nov 25 '25 18:11


1 Answer

The CSRF token cookie is named csrftoken by default, but you can control the cookie name via the CSRF_COOKIE_NAME setting. Docs.

Use a different CSRF cookie name for each app.

Joseph answered Nov 27 '25 07:11
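The collision described in this thread, as an added example that is not part of the original question or answer and is not Django's own code: a simplified model in which the browser keys cookies by host and name (not port), and each app compares the form token to its CSRF cookie. The `App` class, the `submit_after_other_login` helper, the host `example.test`, the ports and the cookie names `csrftoken_a`/`csrftoken_b` are constructed for illustration.

```python
import hmac
import secrets


class App:
    """Simplified cookie-vs-form CSRF check; a model, not Django's implementation."""

    def __init__(self, host, port, csrf_cookie_name="csrftoken"):
        self.host, self.port = host, port
        self.csrf_cookie_name = csrf_cookie_name  # stands in for CSRF_COOKIE_NAME

    def _key(self):
        # Browsers key cookies by host and name; the port is not part of the key.
        return (self.host, self.csrf_cookie_name)

    def render_form(self, jar):
        # Reuse the token already in the cookie, otherwise issue a new one.
        token = jar.setdefault(self._key(), secrets.token_hex(16))
        return token  # value embedded in the form's hidden field

    def login(self, jar):
        # Rotate the CSRF cookie on login, as Django's auth login() does.
        jar[self._key()] = secrets.token_hex(16)

    def post(self, jar, form_token):
        # Accept the POST only if the form token matches the cookie.
        cookie = jar.get(self._key())
        return cookie is not None and hmac.compare_digest(cookie, form_token)


def submit_after_other_login(name_a, name_b):
    """Render a form on app B, log in to app A, then submit B's form."""
    jar = {}  # one browser's cookie jar, shared by both ports
    app_a = App("example.test", 8000, name_a)  # constructed host and ports
    app_b = App("example.test", 8001, name_b)
    form_token = app_b.render_form(jar)
    app_a.login(jar)
    return app_b.post(jar, form_token)


if __name__ == "__main__":
    print("shared cookie name:   ", submit_after_other_login("csrftoken", "csrftoken"))
    print("distinct cookie names:", submit_after_other_login("csrftoken_a", "csrftoken_b"))
```

With a shared name, app A's login overwrites the cookie that app B's already-rendered form depends on; with distinct names each app only ever touches its own cookie.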


