Currently I'm working on hardening the security of a Vaadin project and I'm stuck on the CSRF token. The main idea is that I have a session ID before the user logs in and change the session ID after a successful login to avoid session fixation. I would like to follow the same procedure for the CSRF (aka XSRF) token: currently I have a CSRF token before the login and it remains the same after a successful login, which is wrong!
Now I want to reinitialize the CSRF token to a new value after the successful login. My question is: how do I change or reinitialize the token after the successful login?