Why if i change the value of the CSFR cookie my requests are still valid? I’m trying to understand how CSRF protection works in spring security 6.x.
