From: Karl O. Pinc Date: Tue, 27 Aug 2024 23:44:39 +0000 (-0500) Subject: Generate new CRSF token once per session instead of per request X-Git-Url: https://papio.biology.duke.edu/gitweb/?a=commitdiff_plain;h=11ec99cc05925e955ecff9967080ba777f0e67d7;p=pgwui_core Generate new CRSF token once per session instead of per request It is tempting to generate the token once per request and have multiple windows in the browser share the token via javascript's session local storage. But there are a number of race conditions, including not being able to submit a new request in the interval between the server sending a response and the browser receiving the response. Per-request CSRF tokens are just too much bother for what you get. --- diff --git a/src/pgwui_core/core.py b/src/pgwui_core/core.py index 67b0b91..f28b853 100644 --- a/src/pgwui_core/core.py +++ b/src/pgwui_core/core.py @@ -699,7 +699,7 @@ class SessionDBHandler(DBHandler): csrf_token Token for detecting CSRF. ''' response = super().write(result, errors) - response['csrf_token'] = self.session.new_csrf_token() + response['csrf_token'] = self.session.get_csrf_token() return response
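Review bot: With `write()` in `SessionDBHandler` now returning `self.session.get_csrf_token()`, nothing in this hunk rotates the token any more, so its lifetime becomes whatever the session's lifetime is. Please confirm that a fresh token is still issued at authentication boundaries, either by invalidating the session or by calling `self.session.new_csrf_token()` at login and logout. Otherwise a token handed out before login stays valid after the privilege change. The docstring entry just above the change still reads only "Token for detecting CSRF."; it should say that the token is per-session and is repeated unchanged in every response, since clients written against the old behaviour may expect a new value each time. The subject line also spells the acronym "CRSF", which will make the commit harder to find when searching the log for "CSRF".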