diff --git a/djangorestframework/authentication.py b/djangorestframework/authentication.py
index be22103e6..a40c5e653 100644
--- a/djangorestframework/authentication.py
+++ b/djangorestframework/authentication.py
@@ -82,6 +82,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
     """
     Use Django's session framework for authentication.
     """
+    check_csrf = True
 
     def authenticate(self, request):
         """
@@ -91,7 +92,7 @@ class UserLoggedInAuthentication(BaseAuthentication):
         # TODO: Switch this back to request.POST, and let FormParser/MultiPartParser deal with the consequences.
         if getattr(request, 'user', None) and request.user.is_active:
             # If this is a POST request we enforce CSRF validation.
-            if request.method.upper() == 'POST':
+            if request.method.upper() == 'POST' and self.check_csrf:
                 # Temporarily replace request.POST with .DATA,
                 # so that we use our more generic request parsing
                 request._post = self.view.DATA
diff --git a/djangorestframework/builtins.py b/djangorestframework/builtins.py
index 3056b2880..122bc01c3 100644
--- a/djangorestframework/builtins.py
+++ b/djangorestframework/builtins.py
@@ -1,5 +1,6 @@
 from djangorestframework.mixins import ListModelMixin, InstanceMixin
 from django.conf.urls.defaults import patterns, url
+from django.views.decorators.csrf import csrf_exempt
 
 class DjangoRestFrameworkSite(object):
     app_name = 'api'
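Review bot: `check_csrf = True` is added to `UserLoggedInAuthentication` without a comment saying what it gates, and since it is the switch that turns off CSRF validation in `authenticate` for session-authenticated POSTs, that needs to be stated at the attribute rather than discovered in the method body. I would put above it `# Set to False (typically on a subclass) to skip CSRF validation for session-authenticated POST requests; keep True unless the view is deliberately csrf-exempt.` Because it is a class attribute, a subclass that flips it to False drops the protection for every request that view handles, which is worth making visible to anyone reading the class.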
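Review bot: The new `and self.check_csrf` makes the skip silent: when the flag is False a session-authenticated POST falls straight through with no CSRF validation and, as far as this hunk shows, nothing marks that it happened. I would make the bypass explicit with an `else` branch carrying a comment such as `# CSRF validation intentionally skipped: check_csrf is False on this authenticator`, so the exempt path is auditable in the code rather than inferred from a missing check. The condition also only covers POST, so other state-changing methods reach the same code path unchecked regardless of the flag; that predates this commit, but the method docstring should say which methods are actually validated now that validation is configurable. The `authenticate` body continues outside the hunk, so the remainder of the CSRF handling was not visible for review.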