Helpdesk form: store direct access token in session once validated

[AdrienClairembault]

Checklist before requesting a review

• I have performed a self-review of my code.
• I have added tests that prove my fix is effective or that my feature works.

Description

As a reminder, this token allow a form to be accessed like this: /Form/Render/{$id}?token={$token}.

This works well when accessing a form but mean that any AJAX requested performed on the form page must also include this token to make sure the user is allowed to call it.

This is bad because it is hard to maintain (need to manually include the token everywhere) and non generic (the access policiy that deal with the token should not rely on external code that manually refer to its internal behavior).

The proposed solution is to store the submitted token in the session so it can easily be accessed by any ajax request using the session data.

This should not weaken the security as you still need the correct token to access the form in the first place.