Hi,

I am looking for information/help about storing my token in a cookie in a 
safe way.

Backend: Django REST framework - Frontend ReactJS

I am using django-rest-framework-social-oauth2 
<https://github.com/RealmTeam/django-rest-framework-social-oauth2> to get a 
token (from different providers) and make requests to the API (it works).

But every time I refresh the page the user gets logged out, as ReactJS 
does not keep the token in a cookie, and the user has to log in again.

I would like to keep it in a cookie to let the user make requests even if 
he closes the browser.

I also want to secure it with CSRF protection.

I have spent a lot of time looking for a solution and today I have found 
django.contrib.sessions.backends.signed_cookies 
or django.contrib.sessions.backends.db

The one that interests me is 
django.contrib.sessions.backends.signed_cookies


1) I would like to know if a middleware exists to generate the signed 
cookie or if I have to create it?

2) Will this signed cookie be used by the SessionAuthentication backend, 
or should I develop a piece of code that will get the token from the signed 
cookie -> authenticate the token -> allow the user to execute his request?

3) Where is the signed cookie data stored (database?) and how can I get 
it?

4) Is it OK to put the token in the cookie?



I would like to implement an API that can authenticate a web browser or 
a mobile app.


5) I want to be able to use the token to authenticate from the browser to 
my website (a cookie, so that the user does not have to log in again and again).

6) I want to use this API for a mobile app as well. Does creating a cookie 
create a conflict during the mobile app authentication?


Thank you for your help!
