Closed lukasbestle closed 7 years ago
This is now fixed on the develop branch. I have also decided to generate only one CSRF token per session and not per request. This doesn't reduce security by a lot but improves UX as the browser back button and AJAX/fetch requests won't kill the token validity.
From #240: