One of my team has been using this and having difficulty in understanding it's implementation due to the fact that a fresh token pair is generated on every single request.
It wasn't until he told me that the ajax side of the project was complicated due to having to get access to the right token for each step of a request system that I looked up CSRF in general.
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern
This is a resource that I found that suggests it should be one token per session. Is there any reason that this implementation is one per request?
One of my team has been using this and having difficulty in understanding it's implementation due to the fact that a fresh token pair is generated on every single request.
It wasn't until he told me that the ajax side of the project was complicated due to having to get access to the right token for each step of a request system that I looked up CSRF in general.
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#General_Recommendation:_Synchronizer_Token_Pattern
This is a resource that I found that suggests it should be one token per session. Is there any reason that this implementation is one per request?