You claim in the documentation that this package is for the Double Submit Cookie Pattern. Quote from the Readme
This module provides the necessary pieces required to implement CSRF protection using the Double Submit Cookie Pattern.
In reality, it implements only the Signed Double Submit Cookie Pattern, and it's impossible to use it for the Naive Double Submit Cookie Pattern.
Background
I needed to protect some forms that are used by unauthenticated users, but it's impossible to achieve because a session is required for the CSRF token generation. If you could explain to me how to configure the package for that goal, I would be happy, but atm I don't see the way.
You claim in the documentation that this package is for the Double Submit Cookie Pattern. Quote from the Readme
In reality, it implements only the Signed Double Submit Cookie Pattern, and it's impossible to use it for the Naive Double Submit Cookie Pattern.
Background
I needed to protect some forms that are used by unauthenticated users, but it's impossible to achieve because a session is required for the CSRF token generation. If you could explain to me how to configure the package for that goal, I would be happy, but atm I don't see the way.