Hey guys, trying to wrap my head around the anti-CSRF tokens, generation/verification. For each of my forms I have it generating a token. I'm assuming we would want the verification done in Application.cfc / onRequestStart ? Is my thinking in the right direction here? Thanks.