Fork me on GitHub

hey, i’m trying to figure out why the csrf token that’s returned in the header of a request in my app stopped matching the one in [:session :ring.middleware.anti-forgery/anti-forgery-token]. it’s my understanding that ring-anti-forgery checks against the session map with the token embedded in the html and returned to server in a request (using the luminus template). any idea why it would be different? using buddy for sessions


Maybe some middleware is interfering?