Ours is a Ajax heavy application with concurrent Ajax requests. Generating unique tokens with each request or expire and creation of new tokens after a certain interval could get tricky with multiple concurrent Ajax requests.
My question comes from the suggested approach here -
Really, generating one each time the whole page is loaded should be enough if you are doing this over HTTPS, which you should be.
If we enable HTTPS, generating one CSRF token per session and using that token for all the requests in the session is enough?