Matthias Nagel

Results 169 comments of Matthias Nagel

> One of the advantages of Livewire is to be able to apply PHP logic on the server side rather than on the client side. This is quite...

Please give me the chance to do a review, too, before merge.

After I went through the whole PR and the frontend I have learned that the token is a symmetric, shared secret. This answers my question from above. But in this...

Yes, I saw that difference. And I am somehow inclined to say that users need to be authenticated first, before they can see their own token. But this argument would...

I had to simplify the middleware `VerifyCrsfToken` because I could not stand the number of `return` in the method which really makes it hard to reason about what this method...

@qwerty287 Given my remark about putting the user object properly into the initialization part. I will create a PR for that. This will close some of the TODOs which I added...

> @qwerty287 Given my remark about putting the user object properly into the initialization part. I will create a PR for that. This will close some of the TODOs which I...

> We could always hash the token. You're back to "show once", but that could well be why "proper" services do it that way. I don't think the argument that...

> That's not what I meant :) Of course it's best to encrypt (or hash) it, but the main difference to a password is that it's randomly generated. The main...

While I believe that the code is correct, I am currently unable to write proper tests for it. Again, the problem is that the application object survives between tests. As...