One of my team has been using this and having difficulty in understanding it's implementation due to the fact that a fresh token pair is generated on every single request.
It wasn't until he told me that the ajax side of the project was complicated due to having to get access to the right token for each step of a request system that I looked up CSRF in general.
This is a resource that I found that suggests it should be one token per session. Is there any reason that this implementation is one per request?
frostbitten and alexweissman
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4