Hi,
does anybody know the lifetime of the x-csrf-token and how this lifetime could be configured?
It seems that this lifetime is different from the property xsengine.ini->httpserver->sessiontimeout, as we have the situation in our application, that we have still a valid session so that GET requests are working fine, but POST requests are failing with the response header x-csrf-token:Refresh
We are currently cashing the x-csrf-token for 5 minutes, as we are sending a lot of POST requests and we don't want to obtain a new token for each POST request.
Regards,
Michael