According to docs.microsoft.com, ASP.NET Core implements the Synchronizer Token Pattern to mitigate CSRF.
The anti-request-forgery mechanism has many drawbacks impacting users:
Ex 1: login page opened in 2 tabs
- Open the login page in two different tabs
- User A logs in from Tab 1 (no issues)
- Without refreshing Tab 2, user B tries to log in.
=> Produces a 400 page with AntiforgeryValidationException
reference 1,
reference 2
ex 2: a form opened in 2 tabs (from the …