Currently CSRF token timeout is hard-coded at 1800 seconds. This often becomes inconvenient when I want to perform an action on a page that I loaded a while ago. A couple of typical cases:
For myself, I don't see much threat from increasing CSRF lifetime to something on the order of several hours, so I would like to have that option.
Hey, I just added support for a new
csrf_token_exp
config item (and also extended the default one to 3600 seconds).Thanks!
Thank you!