AddCSRFProtection adds CSRF token into the user session via secure cookie, it implements "double submit cookie" approach to check against CSRF attacks https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookie.

ExtractTokenFromCookie retrieves a CSRF token from the session cookie.

VerifyHTTPHeader checks if HTTP header value matches the cookie.

VerifyToken validates given token based on HTTP request cookie.

CookieName is a name of the cookie.

HeaderName is the default HTTP request header to inspect.