generate only one csrf token per session

some pages issue xhr which lead to new
tokens in the session and a future check
is garuanteed to fail.

includes/functions.php

@@ -59,7 +59,9 @@ function safefilerewrite($fileName, $dataToSave)
 */
 function ensureCSRFSessionToken()
 {
-    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    if (empty($_SESSION['csrf_token'])) {
+        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+    }
 }
 
 /**