Fix expiration dates and expire csrf tokens properly In client.py: add explicit expiration of csrf tokens to handle_csrf. There is a clean_up() that runs on every client connection before handle)csrf is invoked, but it only cleans every hour. With short lived tokens this is insufficient. Also remove debugging. In templating.py fix values for seconds/week and minutes per week. The original values were shifted/transposed and an order of magnitude off. In test_templating.py again fix seconds/week constant.