Good day to everyone. Please, I am new to Django. I am building a website and I want to remove the sessionId and CSRF token from the browser after the user has successfully logged in.
I have read some docs and other articles; some devs suggest using the @csrf_exempt decorator on the view, but this is not working for me.
Any idea how to achieve this?
Thank you for your help in advance.
Here is the screenshot of the browser.
Why do you want to do this?
As the user is logged in, sessionId is the one thing that is required to authenticate the user; if you remove sessionId, that means you are no longer logged in to that browser.
As for csrftoken, it is required by Django, and Django itself puts csrftoken into the browser. In my opinion it is not required to remove sessionId and the CSRF token from the browser after the user has successfully logged in.
Thank you @addwebsolution. I want to do this for security reasons, as I was thinking that displaying these two in the browser could lead to a replay attack and session hijacking.
Actually, these two are included in browsers for security reasons; see the official Django docs: How to use Django’s CSRF protection | Django documentation | Django
If you remove these by force, that means you are removing Django’s security feature.
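As an added example (not from this thread and not Django's own code), here is the defender's alternative to deleting the two cookies: keep them, but tighten how Django issues them, and audit the settings. The setting names are real Django settings; the two settings dicts and the `audit_cookie_settings` function are constructed for illustration.

```python
# Constructed example: harden the sessionid / csrftoken cookies instead of
# removing them. Setting names are real Django settings; the dicts and the
# audit helper are constructed for this illustration.

# Assumed starting point: Django's defaults for a development project.
WEAK_SETTINGS = {
    "SESSION_COOKIE_SECURE": False,      # sessionid also sent over plain HTTP
    "SESSION_COOKIE_HTTPONLY": True,     # Django default: JS cannot read sessionid
    "SESSION_COOKIE_SAMESITE": "Lax",
    "CSRF_COOKIE_SECURE": False,
    "CSRF_USE_SESSIONS": False,          # csrftoken lives in a browser cookie
    "SESSION_EXPIRE_AT_BROWSER_CLOSE": False,
}

# Hardened values for a site served only over HTTPS (usable in settings.py).
HARDENED_SETTINGS = {
    "SESSION_COOKIE_SECURE": True,       # sessionid only travels over TLS
    "SESSION_COOKIE_HTTPONLY": True,     # not exposed through document.cookie
    "SESSION_COOKIE_SAMESITE": "Strict", # not attached to cross-site requests
    "CSRF_COOKIE_SECURE": True,
    "CSRF_USE_SESSIONS": True,           # token kept server-side, no csrftoken cookie
    "SESSION_EXPIRE_AT_BROWSER_CLOSE": True,
}

# (setting, required value, risk when it is not set) checked by the audit.
CHECKS = [
    ("SESSION_COOKIE_SECURE", True, "sessionid can leak over plaintext HTTP"),
    ("SESSION_COOKIE_HTTPONLY", True, "sessionid readable by injected JavaScript"),
    ("CSRF_COOKIE_SECURE", True, "csrftoken can leak over plaintext HTTP"),
    ("SESSION_EXPIRE_AT_BROWSER_CLOSE", True, "session outlives the browser window"),
]


def audit_cookie_settings(settings):
    """Return a list of (setting, risk) for every check the settings fail."""
    findings = []
    for name, required, risk in CHECKS:
        if settings.get(name) != required:
            findings.append((name, risk))
    # SameSite must be Lax or Strict so the cookie is withheld cross-site.
    if settings.get("SESSION_COOKIE_SAMESITE") not in ("Lax", "Strict"):
        findings.append(("SESSION_COOKIE_SAMESITE", "cookie sent on cross-site requests"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, audit_cookie_settings(cfg))
```

With `CSRF_USE_SESSIONS = True` the csrftoken cookie disappears from the browser while CSRF protection stays on, which is the closest safe equivalent to what the question asks for.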