Describe the Bug
Occasional CSRF mismatch when using multiple tabs to access BookStack. Tabs that should receive the same session cookie as another sometimes are desynced with conflicting CSRF.
Steps to Reproduce
1. Two tabs of BookStack open at the login page.
2. A user can use one page to log in to the app, do their thing and then close that tab.
3. Come back in a few minutes to the other previously open login tab, attempt a login and they'll receive a 419.
Similar thing occurs if your session is ended and you're kicked back to the login screen. If that tab is still open in the browser when you click a link open from an email/text, it will return the same 419 after login.
It's also difficult to get out of for users who aren't familiar with the error. You have to close the tab and navigate to the site again, as there doesn't seem to be an attempt to reissue an unauthorized session. You can't just reload the page.
Expected Behaviour
Expected CSRF would be reissued across sessions within the same browser on certain actions
Screenshots or Additional Context
No response
Browser Details
Chrome and Safari (haven't tested Firefox yet)
Exact BookStack Version
v24.02.3
PHP Version
No response
Hosting Environment
22.04
Related Issue from BookStack Repo
BookStackApp#4982
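
A minimal model of the two-tab sequence reported above, added here as an example; it is not code from BookStack or from the issue author. It assumes the CSRF token is kept in the server-side session and that a successful login rotates both the session id and the token; the `App` and `Browser` classes and the 302 on success are hypothetical.

```python
import hmac
import secrets

class App:
    """Model of a server that keeps one CSRF token per session (not BookStack code)."""
    def __init__(self):
        self.sessions = {}  # session id -> CSRF token

    def _new_session(self):
        sid = secrets.token_hex(16)
        self.sessions[sid] = secrets.token_hex(20)
        return sid

    def get_login_page(self, cookie):
        """Return (session cookie, token embedded in the rendered form)."""
        if cookie not in self.sessions:
            cookie = self._new_session()
        return cookie, self.sessions[cookie]

    def post_login(self, cookie, form_token):
        """Return (status, cookie); 419 is the status quoted in the report."""
        expected = self.sessions.get(cookie, "")
        if not expected or not hmac.compare_digest(expected, form_token):
            return 419, cookie
        # Assumption: a successful login rotates the session id and its token.
        del self.sessions[cookie]
        return 302, self._new_session()

class Browser:
    """One cookie jar for all tabs; each tab keeps the token it was rendered with."""
    def __init__(self, app):
        self.app, self.cookie, self.tabs = app, None, {}

    def open_login(self, tab):
        self.cookie, self.tabs[tab] = self.app.get_login_page(self.cookie)

    def submit_login(self, tab):
        status, self.cookie = self.app.post_login(self.cookie, self.tabs[tab])
        return status

def reproduce():
    browser = Browser(App())
    browser.open_login("tab1")
    browser.open_login("tab2")             # same cookie, same token as tab1
    first = browser.submit_login("tab1")   # 302; session and token rotate
    stale = browser.submit_login("tab2")   # form still holds the old token
    reload = browser.submit_login("tab2")  # reloading the error page re-sends that POST
    browser.open_login("tab2")             # fresh GET renders the current token
    return first, stale, reload, browser.submit_login("tab2")
```

In this model the stale tab fails because the shared cookie now points at a session whose token differs from the one in the already rendered form, and only a fresh GET of the form picks up the current token.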