Mono<CsrfToken> saveToken->Mono<Void>

Issue: gh-4856

web/src/main/java/org/springframework/security/web/server/csrf/CsrfWebFilter.java

@@ -123,7 +123,7 @@ public class CsrfWebFilter implements WebFilter {
 
 	private Mono<CsrfToken> generateToken(ServerWebExchange exchange) {
 		return this.csrfTokenRepository.generateToken(exchange)
-			.flatMap(token -> this.csrfTokenRepository.saveToken(exchange, token));
+			.delayUntil(token -> this.csrfTokenRepository.saveToken(exchange, token));
 	}
 
 	private static class DefaultRequireCsrfProtectionMatcher implements ServerWebExchangeMatcher {

web/src/main/java/org/springframework/security/web/server/csrf/ServerCsrfTokenRepository.java

@@ -46,7 +46,7 @@ public interface ServerCsrfTokenRepository {
 	 * @param exchange the {@link ServerWebExchange} to use
 	 * @param token the {@link CsrfToken} to save or null to delete
 	 */
-	Mono<CsrfToken> saveToken(ServerWebExchange exchange, CsrfToken token);
+	Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token);
 
 	/**
 	 * Loads the expected {@link CsrfToken} from the {@link ServerWebExchange}

web/src/main/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepository.java

@@ -52,15 +52,14 @@ public class WebSessionServerCsrfTokenRepository
 	}
 
 	@Override
-	public Mono<CsrfToken> saveToken(ServerWebExchange exchange, CsrfToken token) {
+	public Mono<Void> saveToken(ServerWebExchange exchange, CsrfToken token) {
 		return exchange.getSession()
 			.doOnNext(session -> putToken(session.getAttributes(), token))
-			.flatMap(session -> session.changeSessionId())
-			.then(Mono.justOrEmpty(token));
+			.flatMap(session -> session.changeSessionId());
 	}
 
 	private void putToken(Map<String, Object> attributes, CsrfToken token) {
-		if(token == null) {
+		if (token == null) {
 			attributes.remove(this.sessionAttributeName);
 		} else {
 			attributes.put(this.sessionAttributeName, token);

web/src/test/java/org/springframework/security/web/server/csrf/WebSessionServerCsrfTokenRepositoryTests.java

@@ -78,7 +78,7 @@ public class WebSessionServerCsrfTokenRepositoryTests {
 	public void saveTokenWhenNullThenDeletes() {
 		CsrfToken token = this.repository.generateToken(this.exchange).block();
 
-		Mono<CsrfToken> result = this.repository.saveToken(this.exchange, null);
+		Mono<Void> result = this.repository.saveToken(this.exchange, null);
 		StepVerifier.create(result)
 			.verifyComplete();