I've always wondered why many web frameworks have an elaborate "session management" feature. What would you store in such a session other than a CSRF token and user id?
(And, technically, you don't even need to store a CSRF token; that could just as easily be derived from the session id.)
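One way the derivation mentioned in the post could work, as an added example that is not part of the original post: the CSRF token is an HMAC of the session id under a server-side key, so nothing extra is stored per session. The key handling, the `csrf-token:` label and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: one server-side secret, generated at deploy time and kept
# outside the session store. Here it is created at import for the demo.
SERVER_KEY = secrets.token_bytes(32)

# Assumption: a fixed label so the same key can be used for other MACs
# without those values being accepted as CSRF tokens.
LABEL = b"csrf-token:"


def derive_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return HMAC-SHA256(key, label || session_id) as hex.

    The token is recomputed on every request, so it never has to be
    stored in the session itself.
    """
    mac = hmac.new(key, LABEL + session_id.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def verify_csrf_token(session_id: str, submitted: str,
                      key: bytes = SERVER_KEY) -> bool:
    """Check a submitted token against the one derived for this session."""
    expected = derive_csrf_token(session_id, key).encode("ascii")
    # Compare as bytes in constant time; arbitrary client input is safe here.
    return hmac.compare_digest(expected, submitted.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample session ids, as a framework would issue at login.
    alice = secrets.token_urlsafe(32)
    mallory = secrets.token_urlsafe(32)

    token = derive_csrf_token(alice)
    print("valid for own session:   ", verify_csrf_token(alice, token))
    print("valid for other session: ", verify_csrf_token(mallory, token))

    # Rotating the session id (e.g. at login) changes the derived token too.
    rotated = secrets.token_urlsafe(32)
    print("valid after rotation:    ", verify_csrf_token(rotated, token))
```

The token is only as unguessable as the key, so a leaked or low-entropy key lets anyone who knows a session id compute its token.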