Using the TokenAuthentication from DRF to authenticate the web frontend. We have a situation where sometimes the CSRF cookie becomes invalid due to using different URLs to access the same website. Of course the user needs to clear the cookies before they can log in again (all expected behaviour).
Would like to delete the cookies with Django by setting the CSRF_FAILURE_VIEW value within the Django settings and have a custom view that calls request.session.delete()
But...
DRF overrides the function _reject for the Django class CsrfViewMiddleware, which means the setting CSRF_FAILURE_VIEW is never accessed.
    class CSRFCheck(CsrfViewMiddleware):
        def _reject(self, request, reason):
            # Return the failure reason instead of an HttpResponse
            return reason
Any ideas as to how this can be addressed?