Why does @Html.AntiForgeryToken() generate different tokens in same response?

Question

A single Razor view contains several forms, each with its own call to @Html.AntiForgeryToken()

    @Html.AntiForgeryToken         


        

Answer 1

Surely they should be the same, because they are sent in the same Response?

The Response has nothing to do with it. @Html.AntiForgeryToken() is a static method of HtmlHelper which generates a unique token that is added to the html and the response cookie. Your calling the method multiple times so your generating multiple tokens.

If it did not generate a unique token each time it would hardly be secure.