The ActionToken currently only updates on login.
While this kind of works as intended, days can go by without the token changing, allowing for a large window for CSRF or replay attacks / problems. Ideally it should change on every request.
Potential issue: two tabs now don't really work anymore because they fight over tokens.
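
The per-request rotation and the two-tab conflict described above, as an added Python sketch that is not the project's own code. `ActionTokenStore`, `simulate_two_tabs` and the `window` parameter are hypothetical names; accepting a small window of recent tokens is an assumption about one way to keep several tabs working, not something the issue specifies.

```python
import hmac
import secrets
from collections import deque


class ActionTokenStore:
    """Per-session action token that rotates on every accepted request.

    window=1 is strict rotation: only the newest token is valid.
    window>1 (an assumption, not from the issue) also accepts the most
    recent earlier tokens, so a second tab's token survives a few rotations.
    """

    def __init__(self, window=1):
        self.window = window
        self._tokens = {}  # session id -> deque of valid tokens, newest last

    def issue(self, session_id):
        """Mint a fresh token, keeping at most `window` valid per session."""
        tokens = self._tokens.setdefault(session_id, deque(maxlen=self.window))
        token = secrets.token_urlsafe(32)
        tokens.append(token)  # deque(maxlen) drops the oldest automatically
        return token

    def check_and_rotate(self, session_id, presented):
        """Return a replacement token if `presented` is valid, else None."""
        tokens = self._tokens.get(session_id, ())
        match = None
        for t in tokens:  # constant-time compare against each candidate
            if hmac.compare_digest(t.encode(), presented.encode()):
                match = t
        if match is None:
            return None
        tokens.remove(match)  # single use: a replayed token is rejected
        return self.issue(session_id)


def simulate_two_tabs(window):
    """Constructed scenario: tabs A and B share one session."""
    store = ActionTokenStore(window)
    tab_a = store.issue("sess-1")  # tab A loads a page
    tab_b = store.issue("sess-1")  # tab B loads a page
    a_ok = store.check_and_rotate("sess-1", tab_a) is not None
    b_ok = store.check_and_rotate("sess-1", tab_b) is not None
    replay_ok = store.check_and_rotate("sess-1", tab_b) is not None
    return a_ok, b_ok, replay_ok
```

With `window=1` tab A's request is rejected because tab B's page load replaced its token; with a larger window both tabs succeed while a replayed token is still refused.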