We are using Spring MVC Architecture with Ext JS as UI. We are using multiple Asynch. requests in application. We want to implement CSRF token. Now, we can not use new CSRF token with each requests, because Asych. requests can failed. Now, another option is to keep same CSRF token per user session. Now, When we transmit CSRF token from server to UI via (HTTPRequestHeader or cookie) there is possibility that hacker can forge the requests and get CSRF token. Now, hacker can use token to send forge requests. so, how to improve CSRF implementation here.