Prepend `protect_from_forgery` in the sessionscontroller
Make sure protect_from_forgery
is done before authentication. Otherwise it might cause the authentication to fail when the token is reset during auth.
Closes #35447 (closed)
Edited by Bob Van Landuyt