Regarding the article;
https://css-tricks.com/serious-form-security/
Can you explain this further for me, On every request of the form, a token will be created and stored and also sent with the form. On a view source code the hidden input field still shows the value there.
Can you explain to me one scenario where the tokens won’t match, like for example if a script was accessing the form, how would the tokens not match?
