i'm using the vokuro as an example for creating a login form + action but the login failed at csrf validation. but if i use vokuro it's not a problem. i suspect it's something to do with the getSessionToken() and getToken() function because they return different result where it's should be the same.
any ideas? thanks for any input