I’ve tried to get csurf to work but seem to have stumbled upon something. The code so far looks like this: index.ejs Where you insert password and username in the form. app.js Where I’ve put csrf after session and cookie parser. index.js What I get after submiting the form, no matter if I insert the correct username and password or