Closed rglover closed 2 months ago
This is a bit confusing on a new app. It shouldn't be required, but easily switched on.
This is done but in reverse. I check if we have a registered sessions database before validating any CSRF token.
This is a bit confusing on a new app. It shouldn't be required, but easily switched on.