id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26201	Document the consequences of rotating the CSRF token on login	Wim Feijen	Vaclav Ehrlich	"Hello,

When debug is set to False, my customers can be confronted with a yellow error screen, saying:

Forbidden (403)

CSRF verification failed. Request aborted.

I believe this happens when someone has two tabs open. He logs in and out in one tab. Then, in the other tab he fills in a form which now holds an invalid csrf-token.

I would like this error to be end-user friendly: meaning I'd rather show him a default 404-page which is defined by me and is worded in a way the end user understands. And I would like to receive an error message. 

Thanks! Wim

"	Cleanup/optimization	closed	Documentation	1.8	Normal	fixed		zachborboa@…	Accepted	1	0	0	0	0	0
