update the page's CSRF tokens with the new token from the response header, verify csrf token in ajax endpoints, initialize a session for every endpoint
