I’m using Django 5 session auth, where Django with DRF is my backend and the frontend is Vue.js 3.
I’m trying to gracefully handle possible error scenarios.
Since I’m using session auth with a CSRF token, upon user login a CSRF cookie is created in the client browser, and Django also creates an HttpOnly sessionid cookie. My question is: what should I do if, sometime after a successful login, the sessionid cookie has been deleted? The API will return a 403 status code, and I can force logout on the frontend and delete the existing CSRF cookie… but what do I do with the backend and that sessionid? Do I need to find it and delete it, and if so, how do I do it without that sessionid?
By the way, I’m detecting these issues in my axios interceptor. Currently, if I get a 401 status code, I first refresh the CSRF token and retry the request up to 3 times if necessary, and eventually I would force logout. Is that the correct way to handle 401?
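
The interceptor policy described in the question (refresh the CSRF token, retry a bounded number of times, then force logout), as an added example that is not part of the original post. It extends the handling to 403 as well as 401; `client`, `refreshCsrf`, `forceLogout`, `_authRetries` and `simulate` are hypothetical names, and the stub client stands in for axios.

```javascript
// Pure decision: 401/403 are the statuses the question mentions for a lost session.
function decide(status, attempts, maxRetries) {
  if (status !== 401 && status !== 403) return 'reject'; // not an auth failure
  return attempts < maxRetries ? 'retry' : 'logout';
}

// Builds an axios-style response-error handler. client, refreshCsrf and
// forceLogout are hypothetical and supplied by the application.
function makeAuthErrorHandler({ client, refreshCsrf, forceLogout, maxRetries = 3 }) {
  let refreshing = null; // single-flight: concurrent failures share one refresh
  return async function onError(error) {
    const config = error.config || {};
    const status = error.response ? error.response.status : 0;
    const attempts = config._authRetries || 0; // hypothetical per-request counter
    const action = decide(status, attempts, maxRetries);
    if (action === 'retry') {
      config._authRetries = attempts + 1;
      refreshing = refreshing ||
        Promise.resolve(refreshCsrf()).finally(() => { refreshing = null; });
      await refreshing;
      return client.request(config); // re-issue the original request
    }
    if (action === 'logout') await forceLogout(); // should be idempotent
    throw error;
  };
}

// Constructed demo: a stub client that answers with the given statuses in order
// and routes failures through the handler, as axios does with interceptors.
async function simulate(statuses) {
  const seen = { requests: 0, refreshes: 0, logouts: 0, outcome: null };
  const client = {
    request(config) {
      const status = statuses[Math.min(seen.requests++, statuses.length - 1)];
      if (status < 400) return Promise.resolve({ status, config });
      return onError({ config, response: { status } });
    },
  };
  const onError = makeAuthErrorHandler({
    client,
    refreshCsrf: async () => { seen.refreshes++; },
    forceLogout: async () => { seen.logouts++; },
  });
  try {
    seen.outcome = (await client.request({ url: '/api/example/' })).status;
  } catch (err) {
    seen.outcome = 'rejected:' + err.response.status;
  }
  return seen;
}
```

Assuming Django's database-backed session store, a session whose sessionid cookie is gone can no longer be referenced by the client; its row stays until it expires and is then removed by the `clearsessions` management command.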