I made a submit form on a page, but sometimes it happens that it says "Unable to verify your data submission.". But it never happens when we fill out the form. So i asked the visitors why it happend, it turns out if you open multiple pages of the same page this happens or if you wait long enough that the session expires, it also happens.
What could be a cure to solve this problem? I thought about putting the CSRF in a session, but i dont think this is what is suppossed todo, since the CSRF is unique on every page.
If the session expires then it’s expected to fail. Opening multiple pages at once could be a reason too cause token may get regenerated by another page.
It could be another thing. In master we’ve fixed a bug with binary data in CSRF cookies so you can try updating to code from master and see if it helps. Be aware though that master isn’t stable between releases and may contain bugs.