I've been testing the output cache in DNN9.1.1 and have come across an issue with a custom module which uses [ValidateAntiForgeryToken] on all WebAPI requests. Any page which is served up from the output cache does not have a __RequestVerificationToken cookie sent with it and thus all WebAPI requests made from pages served up by the cache then fail.
Has anyone encountered this before? And does anyone have a work around?
Obviously output caching could be disabled, but that would be missing the point and I don't want to cache another version on the page by varing the cache based upon the __RequestVerificationToken as that would be a waist of memory resources. Ideally I need to find a way of serving the page up from output cache but making sure a valid __RequestVerificationToken is also set at the same time.