I'd like to know how long the CSRF Cookie is valid and if there's a way to extend this time?
The reason is, that I operate a forum for a couple of elder ladies. One of them, she's in her 70s, wanted to login to the forum. Despite we told her to register first, she visited the Login URL and tried to register there. Of course this didn't work, so she took a photo, sent this to my wife by whatzapp, we made a couple of calls, she did the very same thing again a couple of times. Until she realized she had the wrong URL, more than 45 minutes went by. Finally she visited the register URL, but then, after clicking on the Register button, an error occured that the session is invalid. In the URL you could see something like ?csrf=invalid (or something like this, I don't have a screenshot of this).
So, the solution was finally, to visit the main page again, do a shift-Reload (which was some kind of adventure, since she didn't even know where the reload icon resides in her browser, or even what browser she's using), go to the Register page, enter the data as fast as possible and submit. Note, that just shift-Reloading the Register page had no effect.
So, it would help a lot in my case if the CSRF validation in nodebb would be a little bit more relaxed.