Thursday, April 13, 2017

Should I disable CSRF validation?

I am currently working on an application on Laravel which is an online quiz. There is a feature for resuming the user's session.

It means that if the user reloads the page during the quiz, his session is resumed with his filled-in responses. I use AJAX to store the user's session each time he makes some changes to his answers.

So, the problem is that if the user selects answers fast enough to generate concurrent requests, Laravel terminates the user's session, so the CSRF token of the form becomes invalid.

To solve this issue I have disabled CSRF validation for the AJAX request, as I think this request does not deal with any sensitive information of the website.

So I want to know: is it right to disable CSRF validation for such routes, or should I find a different solution?



via Parantap Parashar
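An alternative to bypassing the check, added here as an example and not part of the original post: keep Laravel's CSRF validation on and remove the race instead, by serialising the autosave so only one request is ever in flight, each carrying the token in the `X-CSRF-TOKEN` header that Laravel's default `VerifyCsrfToken` middleware accepts. The `/quiz/progress` URL, the `getToken` callback and the fake `fetch` used in the simulation are assumptions.

```javascript
class AutosaveQueue {
  constructor({ url, fetchImpl, getToken }) {
    this.url = url;
    this.fetchImpl = fetchImpl; // window.fetch in the browser
    this.getToken = getToken;   // e.g. () => document.querySelector('meta[name="csrf-token"]').content
    this.pending = null;        // newest answers not yet sent
    this.inFlight = null;       // promise for the request cycle in progress
  }
  // Call on every answer change. Changes made while a request is in flight are
  // coalesced into one follow-up request, so at most one save is outstanding:
  // no concurrent session writes, and every request still carries the token.
  save(answers) {
    this.pending = answers;
    if (!this.inFlight) this.inFlight = this.flush();
    return this.inFlight;
  }
  async flush() {
    try {
      while (this.pending !== null) {
        const body = JSON.stringify(this.pending);
        this.pending = null;
        const res = await this.fetchImpl(this.url, {
          method: 'POST',
          credentials: 'same-origin',
          // Laravel's VerifyCsrfToken middleware reads the token from this header
          headers: { 'Content-Type': 'application/json', 'X-CSRF-TOKEN': this.getToken() },
          body,
        });
        if (!res.ok) throw new Error(`autosave failed: HTTP ${res.status}`);
      }
    } finally {
      this.inFlight = null;
    }
  }
}

// Constructed simulation (assumed fake server with 5 ms latency): three answer
// changes fired faster than one request completes. Returns what the server saw.
async function simulateRapidAnswers() {
  const seen = []; let active = 0, maxConcurrent = 0;
  const fakeFetch = async (url, opts) => {
    active++; maxConcurrent = Math.max(maxConcurrent, active); seen.push(opts);
    await new Promise(r => setTimeout(r, 5));
    active--; return { ok: true, status: 200 };
  };
  const q = new AutosaveQueue({ url: '/quiz/progress', fetchImpl: fakeFetch, getToken: () => 'constructed-token' });
  await Promise.all([q.save({ q1: 'a' }), q.save({ q1: 'a', q2: 'b' }), q.save({ q1: 'a', q2: 'b', q3: 'c' })]);
  return { requests: seen.length, maxConcurrent, lastBody: seen[seen.length - 1].body,
           allHaveToken: seen.every(o => o.headers['X-CSRF-TOKEN'] === 'constructed-token') };
}
```

The three rapid changes collapse into two serialised requests, the second of which carries the final state, and every request is still CSRF-validated server-side.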