Why does @Html.AntiForgeryToken() generate different tokens in same response?

Question

A single Razor view contains several forms, each with its own call to @Html.AntiForgeryToken()

    @Html.AntiForgeryToken         


        

Answer 1

I am afraid that won't work.

The antiforgery token also travels in the response cookie, so yours will contain just the last token, and therefore the first form will always fail.

You can try to do something like this:

@{
    ViewBag.Title = "Index";
    var token = Html.AntiForgeryToken();
}


    @token 



    @token 

I have tried it, and the same token is used in both forms.