Package xsrftoken provides methods for generating and validating secure XSRF tokens.
Timeout is the duration for which XSRF tokens are valid. It is exported so clients may set cookie timeouts that match generated tokens.
Generate returns a URL-safe secure XSRF token that expires in 24 hours.
key is a secret key for your application; it must be non-empty. userID is an optional unique identifier for the user. actionID is an optional action the user is taking (e.g. POSTing to a particular path).
Valid reports whether a token is a valid, unexpired token returned by Generate.