[Security] Randomize CSRF token to harden BREACH attacks

[nicolas-grekas]

Q	A
Feature PR	symfony/symfony#39919
PR author(s)	@jderusse
Merged in	5.3-dev

[OskarStark]

IMO there is nothing to document, this is an internal behavior 🤔

[nicolas-grekas]

Shouldn't we tell that CSRF tokens are hardened in the doc?

[OskarStark]

Sure we can but I don't really think that someone who uses it would think that it's not "hard" or "safe" 🤔

I mean it would end up with sth like "use csrf tokens, now they are harder, so use csrf tokens"?