Hi, we use Litium in a SPA and get the requestVerificationToken on the first page load. Do we need to set this on every page? Or create a heartbeat? Or is should if be fine for one sesson?
Litium version: 7.5
The XSRF/CSRF Prevention in ASP.NET MVC and Web Pages | Microsoft Docs have a good explanation about how it is working, article is missing information about any timeout onthe token exist.
From the comments on https://stackoverflow.com/a/27938251 it looks like the token not is expiring as default but can be implemented in the solution.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.