AddCSRFProtection adds CSRF token into the user session via secure cookie, it implements "double submit cookie" approach to check against CSRF attacks https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookie.

ExtractTokenFromCookie retrieves a CSRF token from the session cookie.

VerifyHTTPHeader checks if HTTP header value matches the cookie.

VerifyToken validates given token based on HTTP request cookie.

CookieName is the name of the CSRF cookie.

HeaderName is the default HTTP request header to inspect.