private function startSession() { $session = new Session(); $session->setName('flarum_session'); $session->start(); if (!$session->has('csrf_token')) { $session->set('csrf_token', Str::random(40)); } return $session; }