jadacyrus·9 ปีที่แล้ว·discussIn addition to everything you've mentioned, the double submit cookie approach for csrf defense saves you from storing any state if you don't want to use a backend session.