Change ASP.NET MVC Routes dynamically

Question

usually, when I look at a ASP.Net MVC application, the Route table gets configured at startup and is not touched ever after.

I have a couple of questions on that but th

Answer 1

Considering the actual problem background, the usual approach is to include a dynamically created transaction number. It should be stored in a hidden form field as well as in the server side session dictionary and only be valid for exactly one request.

I think today a lot of frameworks provide such a security mechanism; whereas this attack type is known as Cross-Site-Request-Forgery (csrf).