jadacyrus·قبل 9 سنوات·discussIn addition to everything you've mentioned, the double submit cookie approach for csrf defense saves you from storing any state if you don't want to use a backend session.