CSRF protection: do we have to generate a token for every form?
In general, it suffices to have just one token per session, a so called per-session token: In general, developers need only generate this token once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires. If you … Read more