I'm using cookie session, but was also wanting to implement some sort of CSRF protection -- are there any recommended ways of doing that at present that work alongside Ktor's session support?

IIRC @mp did a feature for that <-- https://bitbucket.org/marshallpierce/ktor-csrf

ace, I'll check it out

Let me know if you have feedback 🙂