Hacker News
by hansonkd 476 days ago
You don't need to store CSRF in sessions. Django doesn't by default.
CSRF token can be entirely separate from sessions.
1 comment
smagin 476 days ago
Not only do you not need to, you shouldn't. Sessions shouldn't be accessible to JS at all.
link
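The arrangement the two comments describe, as an added example that is not part of the thread and is not Django's own code: a simplified double-submit cookie check in which the session cookie is HttpOnly and the CSRF token lives in a separate cookie that page script can read and echo back in a request header. The cookie names, function names and session value are assumptions chosen for illustration; Django's real middleware does more than this.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_cookies(session_id):
    """Return the cookies to set: a session cookie hidden from script and an
    independent CSRF cookie that script may read."""
    jar = SimpleCookie()
    jar["sessionid"] = session_id
    jar["sessionid"]["httponly"] = True   # never visible to JavaScript
    jar["sessionid"]["secure"] = True
    jar["sessionid"]["samesite"] = "Lax"
    # Random value with no relation to the session; nothing stored server-side.
    jar["csrftoken"] = secrets.token_urlsafe(32)
    jar["csrftoken"]["secure"] = True     # deliberately NOT HttpOnly
    jar["csrftoken"]["samesite"] = "Lax"
    return jar


def csrf_ok(method, cookie_header, header_token):
    """Double-submit check: a state-changing request must repeat the CSRF
    cookie value in a request header that only same-origin script can set."""
    if method.upper() in SAFE_METHODS:
        return True
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("csrftoken")
    if morsel is None or not morsel.value or not header_token:
        return False
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(morsel.value.encode(), header_token.encode())


if __name__ == "__main__":
    jar = issue_cookies("constructed-session-id")  # constructed sample value
    for morsel in jar.values():
        print("Set-Cookie:", morsel.OutputString())
    token = jar["csrftoken"].value
    sent = f"sessionid=constructed-session-id; csrftoken={token}"
    print("POST with header:", csrf_ok("POST", sent, token))
    print("POST without header:", csrf_ok("POST", sent, None))
```

A cross-site form post carries both cookies automatically but cannot read the CSRF cookie to fill in the header, so the check fails without the server ever looking at session state.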