Sometimes, even when we receive the expected cookie and the matching CSRF value in either the header or the body, and both have the right value, validation still returns false.
The culprit was the session: it seems that when validating, it couldn't match the session ID between generation and validation, so it failed. The fix in my case was to set saveUninitialized to true.
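A simplified model of the failure described above, added here as an illustration and not code from the original post or from express-session. It assumes the CSRF token is an HMAC bound to the session ID; `handleRequest`, `generateToken`, `validateToken` and `roundTrip` are hypothetical names.

```javascript
// Simplified model (assumption): not express-session or any CSRF library's code.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value
const store = new Map();                  // stands in for the session store

// Models how a session is chosen per request: an unknown or missing cookie
// gets a fresh ID, and with saveUninitialized=false an unmodified new
// session is neither stored nor sent back as a cookie.
function handleRequest(cookieSid, saveUninitialized, handler) {
  const known = cookieSid !== null && store.has(cookieSid);
  const session = { id: known ? cookieSid : crypto.randomUUID(), modified: false };
  const result = handler(session);
  const persist = known || session.modified || saveUninitialized;
  if (persist) store.set(session.id, true);
  return { setCookie: persist ? session.id : null, result };
}

// CSRF token bound to the session ID: nonce + HMAC(secret, sessionId|nonce).
function generateToken(session) {
  const nonce = crypto.randomBytes(16).toString("hex");
  const mac = crypto.createHmac("sha256", SECRET).update(`${session.id}|${nonce}`).digest("hex");
  return `${nonce}.${mac}`;
}

function validateToken(session, token) {
  const [nonce, mac] = token.split(".");
  const expected = crypto.createHmac("sha256", SECRET).update(`${session.id}|${nonce}`).digest("hex");
  return mac.length === expected.length &&
    crypto.timingSafeEqual(Buffer.from(mac), Buffer.from(expected));
}

// GET the form (token issued), then POST it back with whatever cookie was set.
function roundTrip(saveUninitialized, touchSession = false) {
  store.clear();
  const get = handleRequest(null, saveUninitialized, (s) => {
    if (touchSession) s.modified = true; // e.g. the app wrote a value to the session
    return generateToken(s);
  });
  const post = handleRequest(get.setCookie, saveUninitialized, (s) => validateToken(s, get.result));
  return post.result;
}

console.log(roundTrip(false), roundTrip(true), roundTrip(false, true));
```

The third case shows that a session the application has already written to is saved, and keeps its ID, regardless of the setting.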