Y
Hacker News
new
|
ask
|
show
|
jobs
by
onion2k
1892 days ago
Session cookies persist for the length of the session. That's still too long for a CSRF token. You should be generating a new one in every request that needs a token in the response.