[BUG] bones.token in cache gets overwritten if multiple request are made in IE

[dugokontov]

This bug only occurs in IE. I have tested it in IE8 and IE9.

Minimum code to reporoduce this error is to use Bones sample application, enable PUT request in Project.server.bones.js file (by commenting line 14) and executing this code:

var modelObj = new Bones.DEBUG.models.Project({id: "underscore"});
for (var i = 0; i < 2; i++) {
    modelObj.save(modelObj.attributes, {
        success: function(arg) {
            console.log(arg);
        },
        error: function(arg) {
            console.log("it failed");
        }
    });
};

This will create two calls to server. In IE only last one will be processed, while other(s) will receive 403 error code. Inspecting request shows that bones.token key is not same in cookies and body.

In further research I found out that when more that two request are made, cookie's key would remain same for 2-4 requests, and then it would be changed. From this I concluded that issue is how CSRF is stored (bones/client/backbone.js:14).

There cookie is written in document.cookies, returned and stored in modelJSON object and after that $.ajax call has been made. My guess is that $.ajax makes ajax calls somewhat differently in IE than in other browser, because document.cokies gets overwritten by next save call.