module Roda::RodaPlugins::RouteCsrf::InstanceMethods

JSON is used for session serialization).
secret, stored base64 encoded in the session (to handle cases where
If a secret has not already been specified, generate a random 32-byte

def csrf_secret
  key = session[csrf_options[:key]] ||= SecureRandom.base64(32)
  Base64_.decode64(key)
end