
Django middleware that works with session-csrf and sends a CSRF token cookie.


What is this?

django-session-csrf-cookie is Django middleware that provides a CSRF token cookie when using django-session-csrf. By design, django-session-csrf does not require a CSRF token cookie, but such a cookie is useful for AJAX requests and other web APIs, since it allows the client to get the CSRF token without parsing HTML. (Note that the cookie is not used by the server for any purpose, so the security hole django-session-csrf was designed to fix is still fixed.)


From PyPI:

pip install django-session-csrf-cookie

From GitHub:

git clone git://

Add session_csrf_cookie.CsrfCookieMiddleware to your MIDDLEWARE_CLASSES below session_csrf.CsrfMiddleware:


Add session_csrf_cookie to INSTALLED_APPS.


session-csrf-cookie-middleware can be controlled using the following settings:


The name used for the CSRF token cookie.

Default: csrftoken


The domain to be used when setting the CSRF cookie.

Default: None


Whether to use a secure cookie for the CSRF cookie.

Default: False


Whether to set the HTTPOnly flag on the CSRF cookie.

Default: False
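
The client side of the AJAX use case described above, as an added example that is not part of the package or its documentation: it reads the token from the cookie and attaches it to state-changing, same-origin requests only. It assumes the default cookie name `csrftoken` and that the server accepts the token in Django's `X-CSRFToken` request header; `readCookie` and `csrfHeaders` are hypothetical helper names.

```javascript
// Added example, not the package's code. Assumptions: the default cookie
// name "csrftoken" and Django's X-CSRFToken request header.
const CSRF_COOKIE_NAME = "csrftoken";
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Return the value of cookie `name` from a document.cookie-style string,
// or null when it is absent. Names are compared exactly, so a cookie
// called "xcsrftoken" is never mistaken for "csrftoken".
function readCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      const raw = part.slice(eq + 1).trim();
      try { return decodeURIComponent(raw); } catch (e) { return raw; }
    }
  }
  return null;
}

// Build the extra headers for one request. The token is attached only to
// state-changing methods and only to same-origin URLs, so it is never
// disclosed to another site.
function csrfHeaders(method, url, pageOrigin, cookieString) {
  if (SAFE_METHODS.has(method.toUpperCase())) return {};
  if (new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin) return {};
  const token = readCookie(cookieString, CSRF_COOKIE_NAME);
  if (token === null) {
    // With the HTTPOnly setting enabled, the browser hides the cookie from
    // document.cookie and this branch is taken.
    throw new Error("CSRF cookie not readable: missing, or HTTPOnly is set");
  }
  return { "X-CSRFToken": token };
}

// Browser usage:
// fetch("/api/items/", { method: "POST", credentials: "same-origin",
//   headers: csrfHeaders("POST", "/api/items/", location.origin, document.cookie) });
```

Script can read the cookie only while the HTTPOnly setting is left at its default of False; turning it on means the token has to come from the rendered HTML again.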


Source distribution: django-session-csrf-cookie-0.1.tar.gz (3.7 kB)
