It is tempting to generate the token once per request and have
multiple windows in the browser share the token via JavaScript's
session local storage. But there are a number of race conditions,
including not being able to submit a new request in the interval
between the server sending a response and the browser receiving
the response. Per-request CSRF tokens are just too much bother
for what you get.
csrf_token Token for detecting CSRF.
'''
response = super().write(result, errors)
- response['csrf_token'] = self.session.new_csrf_token()
+ response['csrf_token'] = self.session.get_csrf_token()
return response
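Review bot: on the `+` line, `self.session.get_csrf_token()` now hands the same token back on every response, but nothing visible here shows what it returns when the session has no token yet, or where the token is replaced when the session changes privilege. Please confirm that `get_csrf_token()` creates and stores a token on first use, so `response['csrf_token']` is never empty, and that `new_csrf_token()` is still called at login and logout so a token issued before authentication is not carried into the authenticated session. The docstring entry `csrf_token Token for detecting CSRF.` should also say that the token is now per-session and stays stable across requests, since clients that expected a fresh value in each response will otherwise be surprised.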