ASP.Net MVC RC 2 fixes the AntiForgeryToken

I can’t see anything in the release notes about it but all my previous problems with the AntiForgeryToken appear to have been fixed. I’ve now been able to remove the kludge where I removed the previous cookie to prevent a crash further down the line.

They’ve also made a change to make cookies from different web applications from stomping on each other. That’s roughly what my helper change does, but they’ve done it in a different way. They change the name of the cookie based on the application Request.ApplicationPath. I figure I’ll keep my extension but it’s neat to see they’ve come up with a way to deal with that.

The added bonus of not clearing the cookie every time (as I was before) is that the token doesn’t change and so you can use the back button (assuming you don’t use different salt on each page).