Mvc3 Antiforgery token multi tabs

Question

we have a specific issue with the anti forgery token on the login page. If the user logs in with only one active window everything works great however if the user opens the

Answer 1

Once you log in, all previous tokens are invalid. That's how it's supposed to work. Naz gets close to the right answer except, the token in the cookie doesn’t store the username. Only the token in the form does. It is precisely because of this issue: if a user logs in, all existing form tokens should be invalidated, but invalidating the cookie itself would be too problematic and user-unfriendly.