Simple CSRF token generation & validation
Javascript
// generation
app.locals.sessionID = crypto.randomBytes(32).toString('base64');

// validation
if(req.cookies.sessionID === app.locals.sessionID){}