How I should configure “csrf_token_name” and “csrf_cookie_name” for a live site?
Can somebody help me? Please!
You can leave them as is if you want. I pulled these out of the security library and moved it into config just so you have the option to name it differently.
Eric Barnes | Twitter
Ok . Thank you!
Does CSRF handle the encoding issue highlighted here in which Mike Duncan suggests to use urlencode() as a precaution?