I have a page where the user has his list of messages, he has the possibility to delete these messages. Erasing of the messages is done via ajax:
$.post("/Message/Delete", { id: 1, antiforgery: 765764565454 });
How it would be more correct to do this:
- To have in page the antiforgery token and to add as parameter in each delete post request, in this way all the validations are cheking the same value of antiforgery token
- To change the antiforgery token each time when a delete occurs, in this case after each delete I should send the new antiforgery token and actualize the value of the token in my page( I ask myself if it's not a security hole), but in this case each delete will send different values of the antiforgery token.