@pomidor24
Created August 19, 2011 12:42
nodejs express smart csrf pseudo code
Each user session keeps a fixed-size pool of CSRF tokens. A new token is minted every X minutes, and every token expires Y minutes after it was created (Y > X, so several tokens are valid at once). The server always hands out the most recent token but accepts any token still in the pool, so rotating the token does not break a form that was rendered a little earlier in another tab. Two things the scheme depends on: tokens must come from a CSPRNG so they cannot be guessed, and the comparison against the pool should be constant-time so a failed check does not leak how close a guess was. The pool cap `size` should be at least Y/X, otherwise the cap evicts tokens that are still inside their validity window. `current_version` is app-wide: changing it invalidates every outstanding token in every session at once (for example after a deploy or a suspected token leak).
// Tunables. The gist states them in minutes; they are milliseconds here so
// they can be compared against Date.now().
var token_valid = 180 * 60 * 1000           // Y: a token expires this long after creation
var create_new_token_every = 60 * 60 * 1000 // X: mint a new token at most this often
var size = 3                                // cap on tokens kept per session
var pool = []                               // per-session pool, most recent first
var current_version = '1'                   // app-wide; change it to invalidate all tokens

var crypto = require('crypto')
// Tokens must be unguessable: draw them from the CSPRNG, never Math.random().
var some_algo = function() { return crypto.randomBytes(32).toString('hex') }

var getToken = function() {
  removeOld()
  var recent_token_rec = pool[0]
  // Reuse the newest token while it is younger than create_new_token_every.
  if (recent_token_rec && recent_token_rec.createdAt > Date.now() - create_new_token_every)
    return recent_token_rec.token
  if (pool.length >= size)
    pool.pop()                                // drop the oldest
  var new_rec = {
    version: current_version,
    createdAt: Date.now(),
    token: some_algo()
  }
  pool.unshift(new_rec)
  return new_rec.token
}

var removeOld = function() {
  var now = Date.now()
  // Walk backwards so splicing an entry does not skip the next one.
  for (var i = pool.length - 1; i >= 0; i--) {
    var rec = pool[i]
    if (rec.createdAt + token_valid < now || rec.version !== current_version)
      pool.splice(i, 1)
  }
}

var check = function(token) {
  removeOld()
  // Accept any token still in the pool, not only the most recent one.
  return pool.some(function(rec) { return rec.token === token })
}