Closed shamonshan closed 6 years ago
For every request it will generate new token but the old token is still valid if I make the request with old token there is no CSRF error is showing.
app.use(function(req, res, next) { console.log("Token",req.csrfToken()); res.setHeader('X-CSRFTOKEN',req.csrfToken()) next(); });
That's as it is currently designed. Issues #120 is tracking making expiring ones, and a pull request to implement is welcome!
For every request it will generate new token but the old token is still valid if I make the request with old token there is no CSRF error is showing.