ServerResultUtils.splitSetCookieHeaders (3.76%)
- half of this is regex pattern matching
- half is Scala collections overhead
- SUGGESTION: replace flatMap with a while loop operating on the regex
ServerResultUtils.prepareCookies (12.9%) + CSRFAction$SignedTokenProvider.generateToken (7.43%) = 20.3%
- change CSRF so we delay adding a cookie to the result until actually needed (i.e. when first used in a CSRF-protected form)
- when receiving a request CSRF filter adds a CSRFToken object to request attribute
- CSRFToken object's value is either read from the request or it's lazy - no data at first
- when first read, e.g. by adding token to a form, lazily generates a value