I see in views/layout/main.php file that, in the HTML header, is injected this code
<?= Html::csrfMetaTags() ?>
That is generating, at every page reload, a different token, like the following one
<meta name="csrf-param" content="_csrf"> <meta name="csrf-token" content="RXFWNWU5amN8KzxiMEMyIXUXEXtQcjozKBwPTAQJXRkDADcYLUMmIA==">
Is this to avoid CSRF (aka Sea-surf, aka XSRF) attacks? If yes, is this something that Yii 2 will care about automatically, or must I handle this param/token in someway?