This repository has been archived by the owner on Sep 14, 2022. It is now read-only.

previous token still valid #142

Closed

shamonshan opened this issue Feb 11, 2018 · 1 comment

Assignees

Labels

shamonshan commented Feb 11, 2018 •

edited

For every request it will generate new token but the old token is still valid if I make the request with old token there is no CSRF error is showing.

app.use(function(req, res, next) {
  console.log("Token",req.csrfToken());
  res.setHeader('X-CSRFTOKEN',req.csrfToken())
  next();
});

The text was updated successfully, but these errors were encountered:

Contributor

dougwilson commented Feb 11, 2018

That's as it is currently designed. Issues #120 is tracking making expiring ones, and a pull request to implement is welcome!

dougwilson closed this as completed

dougwilson added the duplicate label

dougwilson self-assigned this

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.