Question: Should I be able to re-use CSRF tokens when using npm csurf?


Answers 0
Added at 2016-12-13 12:12
Question

When using csurf I've noticed that if I present a previously generated and used csrf token, it is still accepted as a valid token (within the same session).

Should this be the case or am I using it wrong? I would have expected a used csrf token to become invalidated (so it can only be used once per session id).

My code looks something like this:

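var express = require('express');
var bodyParser = require('body-parser');
var csurf = require('csurf');

var app = express();
// csurf() can read the token from req.body._csrf, so parse bodies first
app.use(bodyParser.urlencoded({ extended: false }));
// Session middleware (e.g. express-session) must be registered before csurf()
app.use(csurf());
// Expose a token to every rendered view
app.use(function (req, res, next) {
  res.locals.csrfToken = req.csrfToken();
  next();
});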
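
An added example (not part of the original question and not csurf's own code) modelling the salted-token scheme of the csrf library that csurf builds on: a token is a random salt plus a hash of the salt and the per-session secret, so verification keeps no record of tokens already presented. The helper names, the use of SHA-256 and the `usedTokens` set for one-time use are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical helpers modelling a stateless, salted CSRF token (not the csurf API).
function newSecret() {
  return crypto.randomBytes(18).toString('hex');
}

function digest(salt, secret) {
  return crypto.createHash('sha256').update(salt + '-' + secret).digest('hex');
}

// token = salt + '-' + hash(salt + '-' + secret); only the secret lives in the session
function createToken(secret) {
  const salt = crypto.randomBytes(8).toString('hex');
  return salt + '-' + digest(salt, secret);
}

function verifyToken(secret, token) {
  if (typeof token !== 'string') return false;
  const i = token.indexOf('-');
  if (i === -1) return false;
  const expected = Buffer.from(digest(token.slice(0, i), secret));
  const actual = Buffer.from(token.slice(i + 1));
  // Length check first: timingSafeEqual throws on unequal lengths
  return expected.length === actual.length && crypto.timingSafeEqual(expected, actual);
}

// One-time-use variant: the session must also remember which tokens were consumed.
function consumeToken(session, token) {
  if (!verifyToken(session.csrfSecret, token)) return false;
  if (session.usedTokens.has(token)) return false;
  session.usedTokens.add(token);
  return true;
}

function demo() {
  // Constructed session object standing in for req.session
  const session = { csrfSecret: newSecret(), usedTokens: new Set() };
  const token = createToken(session.csrfSecret);
  const result = {
    firstUse: verifyToken(session.csrfSecret, token),
    reuse: verifyToken(session.csrfSecret, token),       // still valid: nothing was recorded
    otherSession: verifyToken(newSecret(), token),       // bound to this session's secret
    singleUseFirst: consumeToken(session, token),
    singleUseReplay: consumeToken(session, token),       // rejected by the replay set
  };
  session.csrfSecret = newSecret();                      // rotating the secret drops old tokens
  result.afterRotation = verifyToken(session.csrfSecret, token);
  return result;
}
```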
Answers