Timeout is the duration for which XSRF tokens are valid. It is exported so clients may set cookie timeouts that match generated tokens.
const Timeout = 24 * time.Hour
func Generate(key, userID, actionID string) string
Generate returns a URL-safe secure XSRF token that expires in 24 hours.
key is a secret key for your application; it must be non-empty. userID is an optional unique identifier for the user. actionID is an optional action the user is taking (e.g. POSTing to a particular path).
func Valid(token, key, userID, actionID string) bool
Valid reports whether a token is a valid, unexpired token returned by Generate. The token is considered to be expired and invalid if it is older than the default Timeout.
func ValidFor(token, key, userID, actionID string, timeout time.Duration) bool
ValidFor reports whether a token is a valid, unexpired token returned by Generate. The token is considered to be expired and invalid if it is older than the timeout duration.