asp.net-mvc, asp.net-mvc-3, csrf, antiforgerytoken

Asp.Net Anti-Forgery


I have one question. I recently put an anti-forgery token in all my forms, and in my controller I put the ValidateAntiForgeryToken attribute.

But often my users fill in a form, then come back with the browser button, make a correction to one of their mistakes, and they get the invalid anti-forgery token.

I can understand why it happens (we are going back and using an anti-forgery token that isn't valid anymore), but is there any way to avoid this behavior? Like forcing this page to reload?


Solution

  • This is odd. Antiforgery tokens are NOT one-time-use tokens. They can generally be happily reused within the same session. Are your users logged in at the time? The token is based on login, so if they've logged back in during this time, the token may no longer be valid.
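
The behaviour described in the answer above, as an added example that is not part of the original post and is not ASP.NET's own code: a simplified Python model in which the hidden form token is an HMAC over a per-session cookie value and the user name current when the page was rendered. The token layout, key handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Simplified model (an assumption for illustration), not ASP.NET's implementation:
# a random cookie value per browser session, plus a hidden form token that is
# MAC-bound to that cookie value and to the user name current at render time.
SERVER_KEY = secrets.token_bytes(32)  # stand-in for the server's key


def new_cookie_token() -> str:
    """Random value stored in the session's anti-forgery cookie."""
    return secrets.token_urlsafe(16)


def form_token(cookie_token: str, user: str) -> str:
    """Hidden-field token for a page rendered for `user` ("" = anonymous)."""
    msg = f"{cookie_token}\n{user}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def validate(cookie_token: str, posted_token: str, current_user: str) -> bool:
    """Stateless check: nothing is consumed, so a valid pair stays valid."""
    expected = form_token(cookie_token, current_user)
    return hmac.compare_digest(expected, posted_token)


def back_button_scenarios() -> dict:
    """Constructed scenarios for a form reached again with the Back button."""
    cookie = new_cookie_token()
    as_alice = form_token(cookie, "alice")  # page rendered while logged in
    as_anon = form_token(cookie, "")        # page rendered before login
    return {
        "first_submit": validate(cookie, as_alice, "alice"),
        "back_edit_resubmit": validate(cookie, as_alice, "alice"),
        "rendered_anonymous_then_logged_in": validate(cookie, as_anon, "alice"),
        "rendered_logged_in_then_logged_out": validate(cookie, as_alice, ""),
        "resubmit_in_new_session": validate(new_cookie_token(), as_alice, "alice"),
    }


if __name__ == "__main__":
    for name, ok in back_button_scenarios().items():
        print(f"{name:40} {'accepted' if ok else 'rejected'}")
```

In this model only the first two scenarios are accepted; a Back-button resubmit is rejected only when the identity or the session cookie changed between rendering and posting.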