csrf开启useSession同时也写入Cookie，客户端可以沿用原来逻辑：从cookie中读取ctoken写入到httpheader，在服务端校验session中的值。

[pusongyang]

Checklist

• [x] npm test passes
• [x] tests and/or benchmarks are included
• [x] documentation is changed or added
• [x] commit message follows commit guidelines

Affected core subsystem(s)

Description of change

[codecov[bot]]

Codecov Report

Merging #64 into master will increase coverage by 0.01%. The diff coverage is 100%.

@@            Coverage Diff             @@
##           master      #64      +/-   ##
==========================================
+ Coverage   96.26%   96.28%   +0.01%     
==========================================
  Files          32       32              
  Lines         536      538       +2     
==========================================
+ Hits          516      518       +2     
  Misses         20       20

Impacted Files	Coverage Δ
config/config.default.js	100% <ø> (ø)	:arrow_up:
app/extend/context.js	100% <100%> (ø)	:arrow_up:

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update def5bfa...85ee41b. Read the comment docs.

[fengmk2]

+1，我手动合并。

[dead-horse]

@fengmk2 不合并了，这个配置项增加了复杂度，对防范没有意义。