CSRF
Cross-site request forgery.
For example: a malicious website contains a link, a form button or some JavaScript that is intended to perform some action on your website, using the credentials of a logged-in user who visits the malicious site in their browser.
Middleware
A framework of hooks into Django’s request/response processing. It’s a light, low-level “plugin” system for globally altering Django’s input or output.
For example, AuthenticationMiddleware associates users with requests using sessions.
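An added example, not Django's own code: a pure-Python sketch of the get_response middleware pattern, with one middleware that attaches a user from the session and one that applies a simplified cookie-versus-form token comparison (not Django's CsrfViewMiddleware logic). Requests are plain dicts, and the view, session store and build_chain helper are hypothetical.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def view(request):
    # Hypothetical state-changing view at the end of the chain.
    return {"status": 200, "body": "transfer done for " + request["user"]}

def auth_middleware(get_response):
    sessions = {"sess-alice": "alice"}  # constructed session store
    def middleware(request):
        # Runs before the view: attach the user found via the session cookie.
        sid = request["cookies"].get("sessionid")
        request["user"] = sessions.get(sid, "anonymous")
        return get_response(request)
    return middleware

def csrf_middleware(get_response):
    def middleware(request):
        if request["method"] not in SAFE_METHODS:
            cookie = request["cookies"].get("csrftoken", "")
            sent = request["form"].get("csrfmiddlewaretoken", "")
            # Short-circuit the chain unless the form token matches the cookie.
            if not cookie or not hmac.compare_digest(cookie.encode(), sent.encode()):
                return {"status": 403, "body": "CSRF check failed"}
        return get_response(request)
    return middleware

def build_chain(final_view, factories):
    # Wrap the view so the first factory listed sees the request first.
    handler = final_view
    for factory in reversed(factories):
        handler = factory(handler)
    return handler

def demo():
    handler = build_chain(view, [auth_middleware, csrf_middleware])
    token = secrets.token_urlsafe(32)
    cookies = {"sessionid": "sess-alice", "csrftoken": token}
    # The browser attaches cookies to both requests; only the site's own
    # page can read the token and place it in the form body.
    forged = {"method": "POST", "cookies": dict(cookies), "form": {}}
    legit = {"method": "POST", "cookies": dict(cookies),
             "form": {"csrfmiddlewaretoken": token}}
    return handler(forged)["status"], handler(legit)["status"]

if __name__ == "__main__":
    print(demo())
```

The forged request carries a valid session cookie yet is rejected before the view runs, which is the globally applied request hook that middleware provides.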