May I know the advantages of constantly changing tokens?
As far as I know, only one CSRF secret is created with each session; therefore, all tokens will be valid within the same session (an older one won't be expired as a result of creating a new one).
Can I simply create one token while creating the session and always return the same token for all incoming requests?
ctx.session.csrf = ctx.csrf;
// then always return ctx.session.csrf
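Added example, not part of the original post and not the library's own code: a simplified model of the scheme the question describes, with one secret per session and a freshly salted token per response. The function names, the HMAC-SHA256 construction and the `salt.mac` token layout are assumptions made for illustration.

```javascript
// Simplified model of per-session-secret CSRF tokens (illustrative only).
const crypto = require('node:crypto');

// One secret per session, kept server-side in the session store.
function createSecret() {
  return crypto.randomBytes(18).toString('base64url');
}

function mac(secret, salt) {
  return crypto.createHmac('sha256', secret).update(salt).digest('base64url');
}

// Each call draws a fresh salt, so the token text changes per response
// while staying bound to the same secret. Salting of this kind is commonly
// used so the token bytes in a compressed response differ each time
// (BREACH-style compression side channels).
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('base64url');
  return `${salt}.${mac(secret, salt)}`;
}

function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;
  const dot = token.indexOf('.');
  if (dot <= 0) return false;
  const salt = token.slice(0, dot);
  const given = Buffer.from(token.slice(dot + 1));
  const expected = Buffer.from(mac(secret, salt));
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

function demo() {
  const sessionSecret = createSecret();
  const otherSecret = createSecret(); // a different session
  const first = createToken(sessionSecret);
  const second = createToken(sessionSecret);
  const tampered = first.slice(0, -1) + (first.endsWith('A') ? 'B' : 'A');
  return {
    tokensDiffer: first !== second,
    firstStillValid: verifyToken(sessionSecret, first),
    secondValid: verifyToken(sessionSecret, second),
    crossSessionRejected: !verifyToken(otherSecret, first),
    tamperedRejected: !verifyToken(sessionSecret, tampered),
  };
}

console.log(demo());
```

In this model the older token stays valid after a newer one is issued, because validity depends only on the session secret; caching a single token in the session changes the token text the client sees, not what the server accepts.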