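/// <summary>
/// Handles the login form post. When the submitted credentials match the configured
/// default username and password, the session is marked, a CSRF token is generated for
/// the session id and sent in the "CSRF-TOKEN" cookie, and the caller is redirected to
/// Home/Index. Otherwise the Index view is shown again with an error message.
/// </summary>
/// <param name="user">Credentials bound from the request; may be null or partially filled.</param>
/// <returns>A redirect to Home/Index on success, or the Index view on failure.</returns>
public ActionResult Post(User user)
{
    // Compares two strings without stopping at the first differing byte, so response
    // timing does not reveal how much of a guess was correct. A length mismatch still
    // returns early, which discloses only the length.
    bool FixedTimeStringEquals(string supplied, string expected)
    {
        if (supplied == null || expected == null)
        {
            return false;
        }

        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
            System.Text.Encoding.UTF8.GetBytes(supplied),
            System.Text.Encoding.UTF8.GetBytes(expected));
    }

    // Both fields are always evaluated, and a missing model or field counts as a failed
    // login instead of raising a NullReferenceException.
    // NOTE(review): the only accepted account is a single default credential taken from
    // Properties.Values and compared as plaintext; confirm where those values come from
    // and whether per-user, hashed credentials are intended.
    bool usernameMatches = FixedTimeStringEquals(user?.Username, Properties.Values.DEFAULT_USERNAME);
    bool passwordMatches = FixedTimeStringEquals(user?.Password, Properties.Values.DEFAULT_PASSWORD);

    if (!(usernameMatches && passwordMatches))
    {
        // One message for both failure cases, so the response does not say which field was wrong.
        ViewData["Message"] = "Incorrect username/password";
        return View("Index");
    }

    // `token` is not declared in this method; it is assigned here and used below.
    token = new TokenHandler();

    // NOTE(review): the session that existed before login is kept and its id is stored as
    // the authenticated marker. Confirm that a pre-login session id cannot be planted by
    // another party (session fixation), or clear the session before marking it.
    string sessionId = HttpContext.Session.Id;
    HttpContext.Session.SetString(Properties.Values.SESSION_KEY, sessionId);

    token.GenerateCSRFToken(sessionId);

    // NOTE(review): the cookie is written with default options. Consider passing options
    // that set Secure and SameSite; HttpOnly has to stay off only if client-side script is
    // meant to read the token and echo it back.
    Response.Cookies.Append("CSRF-TOKEN", token.GetCSRFToken(sessionId));

    return RedirectToAction("Index", "Home");
}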