How to check if a request consists of session id and csref token in the cookie in Django rest framework?

my rest_framework authentication and permission classes

 "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
        "rest_framework.permissions.IsAdminUser",
        "rest_framework.permissions.AllowAny",
    ],
    "DEFAULT_AUTHENTICATION_CLASSES": (
        "rest_framework_simplejwt.authentication.JWTAuthentication",
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.BasicAuthentication"
    ),

login view

class UserLoginView(generics.RetrieveAPIView):
    """
    View for a user to login through 1FA.
    The view provides a post request that accepts a email and password.
    Returns a jwt token as a response to authenticated user.
    """

    throttle_scope = "login"
    permission_classes = (permissions.AllowAny,)
    serializer_class = UserLoginSerializer

    def post(self, request):
        """
        POST request to login a user.
        """
        #if session key is not present then create a session for the user
        
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)  
        if not request.session.session_key:
                request.session.save()
        return Response("logged in")

In my login view if user credentials are valid i am creating a user session if not created yet. For all other requests i need to ensure that user has a active session i.e. a session id in the cookie and csrf token to secure the application , is there method provided by rest framework to do that or i need to write my own permission classes for the views

Back to Top