lrrbot
Can't use multiple tabs
If you try to open the lrrbot website on multiple tabs, then the CSRF token on one tab will override the other and you won't be able to use forms on the site.
This is because flask-csrf generates a new token every page-load, and then the previous token is no longer valid. It doesn't seem to have any configuration to change this.
Possibly we should change to a module like flask-seasurf - as this generates a single token per session, which still works to prevent CSRF, but would allow multiple tabs (and would simplify some of our ajax callbacks to not have to handle generating a new token after each request).
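
A minimal model of the two token policies described in the issue above, added here as an illustration (it is not lrrbot's code and not the implementation of either Flask extension). The `Session` class and all function names are hypothetical; the model only assumes that the token is stored in server-side session state shared by every tab of one browser.

```python
import hmac
import secrets


class Session:
    """Server-side session state for one browser (shared by all its tabs)."""
    def __init__(self):
        self.csrf_token = None


def render_rotating(session):
    """Per-page-load policy: every render replaces the stored token."""
    session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token  # value embedded in the rendered form


def render_per_session(session):
    """Per-session policy: create the token once, then reuse it."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def validate(session, submitted):
    """Constant-time comparison of the submitted token with the stored one."""
    expected = session.csrf_token
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def two_tab_scenario(render):
    """Open tab A, open tab B, then submit the form from each tab."""
    session = Session()
    tab_a = render(session)
    tab_b = render(session)
    return validate(session, tab_a), validate(session, tab_b)


def forged_request_rejected(render):
    """A cross-site request cannot read the token, so it sends a guess."""
    session = Session()
    render(session)
    return not validate(session, secrets.token_urlsafe(32))


if __name__ == "__main__":
    print("rotating   :", two_tab_scenario(render_rotating))
    print("per-session:", two_tab_scenario(render_per_session))
```

Under the rotating policy the first tab's form fails validation once the second tab loads, while the per-session policy accepts both tabs and still rejects a request that does not carry the session's token.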