jadacyrus·vor 9 Jahren·discussIn addition to everything you've mentioned, the double submit cookie approach for csrf defense saves you from storing any state if you don't want to use a backend session.