Github user rnewson commented on the pull request:

    https://github.com/apache/couchdb-couch/pull/80#issuecomment-127039360
  
    So I've added the refresh. When a cookie is more than halfway through its
    lifetime (which defaults to an hour) a replacement cookie is sent.

    Additionally, if you send the CSRF header but not the cookie, that's a 400
    Bad Request. This helps clients stay safe (they won't think that just sending
    the header and getting a non-error response means that they are protected by
    the CSRF mechanism).



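The two rules in the comment above (refresh past the halfway point, 400 for a header with no cookie), modelled as an added example; this is not code from the pull request or from CouchDB. The token format, the signing secret, the 403 status, the header-must-equal-cookie comparison and the cookie issued on first contact are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key
LIFETIME = 3600                      # seconds; the comment gives an hour as the default


def issue(now):
    """Mint a token as '<issued-at>:<hmac>' (this format is an assumption)."""
    ts = str(int(now))
    mac = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{mac}"


def issued_at(token, now):
    """Return the issue time if the token is authentic and unexpired, else None."""
    ts, _, mac = token.partition(":")
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return None
    age = now - int(ts)  # ts is trusted here: only issue() can produce a valid MAC
    return int(ts) if 0 <= age <= LIFETIME else None


def check(cookie, header, now):
    """Return (status, replacement_cookie_or_None) for one request."""
    if header is not None and cookie is None:
        return 400, None        # header without cookie: Bad Request, per the comment
    if cookie is None:
        return 200, issue(now)  # assumption: first contact is handed a cookie
    ts = issued_at(cookie, now)
    if ts is None or header is None:
        return 403, None        # assumption: status used for a failed check
    if not hmac.compare_digest(cookie.encode(), header.encode()):
        return 403, None        # assumption: header must repeat the cookie value
    if now - ts > LIFETIME / 2:
        return 200, issue(now)  # more than halfway through: send a replacement
    return 200, None
```

A client that only ever sends the header gets a 400 on every request, so it cannot mistake a successful response for CSRF protection.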