
Flask-wtf: csrf_token is removed from session before I can POST my form


Okay, I finally figured out the solution to my problem. I feel like a noob (which I am).

The problem lay in the session credentials, which were not sent to the server with the requests, so that the server couldn't access the session cookie. I found the solution in the following tutorial: http://backbonetutorials.com/cross-domain-sessions/

To send it, I added the following lines in my Backbone router initialize function:

    // Use withCredentials to send the server cookies
    // The server must allow this through response headers
    $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
        options.xhrFields = {
            withCredentials: true
        };
    });

This makes all AJAX requests include withCredentials = true. On the server side, I had to set Access-Control-Allow-Credentials: true. Since I'm using flask-cors, it is done with supports_credentials=True when creating the CORS object.


(I'm answering here since I can't comment) @junnytony Yes, I have the token in my modal and I send it in my POST request. When I debug the Flask application, I can see the token I sent with my POST request. The problem is that it should be compared to the one in the session to be validated, but the one in the session has disappeared, so the flask-wtf lib generates a new one, which results in a failure when comparing with the one I sent.
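A simplified model of the failure described in the posts above, added here as an example (it is not the poster's code and not Flask-WTF's implementation): when the client does not send or store the session cookie, every request lands in a fresh session, a new token is generated, and the submitted token can never match. The `Server` and `Client` classes, their method names and the in-memory session store are assumptions made for illustration; `with_credentials` stands in for `xhrFields.withCredentials`.

```python
import hmac
import secrets


class Server:
    """Simplified session-backed CSRF check (illustrative, not Flask-WTF)."""

    def __init__(self):
        self.sessions = {}  # session id (cookie value) -> session dict

    def _session(self, cookie):
        # No cookie, or an unknown one, means a brand-new empty session.
        if cookie not in self.sessions:
            cookie = secrets.token_hex(16)
            self.sessions[cookie] = {}
        return cookie, self.sessions[cookie]

    def get_form(self, cookie=None):
        sid, session = self._session(cookie)
        token = session.setdefault("csrf_token", secrets.token_hex(16))
        return {"set_cookie": sid, "csrf_token": token}

    def post_form(self, submitted_token, cookie=None):
        sid, session = self._session(cookie)
        # An empty session gets a fresh token, so the submitted one cannot match.
        expected = session.setdefault("csrf_token", secrets.token_hex(16))
        ok = hmac.compare_digest(expected, submitted_token)
        return {"set_cookie": sid, "status": 200 if ok else 400}


class Client:
    """Cross-origin XHR client; with_credentials mirrors withCredentials."""

    def __init__(self, server, with_credentials):
        self.server, self.with_credentials, self.cookie = server, with_credentials, None

    def _cookie(self):
        return self.cookie if self.with_credentials else None

    def _store(self, resp):
        # Without credentials, a cross-origin response's Set-Cookie is ignored.
        if self.with_credentials:
            self.cookie = resp["set_cookie"]
        return resp

    def submit(self):
        token = self._store(self.server.get_form(self._cookie()))["csrf_token"]
        return self._store(self.server.post_form(token, self._cookie()))["status"]


def demo():
    server = Server()  # constructed scenario: same server, two client configurations
    return Client(server, False).submit(), Client(server, True).submit()
```

`demo()` returns the POST status for the client without credentials followed by the one with credentials.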