Hi, we use Litium in a SPA and get the requestVerificationToken on the first page load. Do we need to set this on every page? Or create a heartbeat? Or is should if be fine for one sesson?
Litium version: 7.5
The XSRF/CSRF Prevention in ASP.NET MVC and Web Pages | Microsoft Docs have a good explanation about how it is working, article is missing information about any timeout onthe token exist.
From the comments on https://stackoverflow.com/a/27938251 it looks like the token not is expiring as default but can be implemented in the solution.