Should I be able to re-use csfr tokens when using npm csurf
|Added at||2016-12-13 12:12|
When using csurf I've noticed that if I present a previously generated and used csrf token, it is still accepted as a valid token (within the same session).
Should this be the case or am I using it wrong? I would have expected a used csrf token to become invalidated (so it can only be used once per session id).
My code looks something like this: