Function rotate_csrf_token_in_response

pub fn rotate_csrf_token_in_response(
    session_id: &str,
    req: &HttpRequest,
    resp: &mut HttpResponseBuilder,
    config: &CsrfMiddlewareConfig,
) -> Result<(), Error>

Rotates the CSRF token and writes any necessary cookie updates to the response.

  • Double-Submit Cookie: requires a session id cookie to be present; sets a fresh HMAC-protected authorized token cookie and expires any anonymous token.
  • Synchronizer Token: sets a fresh random token in server-side session and expires pre-session markers.

This function is safe to call on both safe and mutating handlers, but it is commonly used after authentication to immediately upgrade from anonymous to authorized tokens.

Errors

  • Returns BadRequest when required inputs are missing (e.g., session id cookie for Double-Submit Cookie).
  • Returns InternalServerError if session updates fail (Synchronizer Token) or cookies cannot be set.
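The following is an added, stand-alone illustration of the Double-Submit Cookie rotation described above; it is not the crate's own code and does not use its types. It assumes a simplified cookie model, constructed cookie names (`session_id`, `csrf_anon`, `csrf_token`) and a hypothetical `Response` holder. It shows the three properties the description relies on: rotation requires a session id cookie (otherwise a bad-request error), the new token is HMAC-bound to that session id so a token minted for one session does not verify for another, and any pre-authentication anonymous token is expired in the same response.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed cookie names; the real middleware's names are configured elsewhere.
SESSION_COOKIE = "session_id"
ANON_COOKIE = "csrf_anon"
AUTH_COOKIE = "csrf_token"
TOKEN_TTL_SECONDS = 3600


class BadRequest(Exception):
    """Raised when a required input (here, the session id cookie) is missing."""


@dataclass
class Response:
    """Hypothetical response holder: cookie name -> (value, max_age seconds).

    A max_age of 0 expires the cookie on the client.
    """
    set_cookies: dict = field(default_factory=dict)


def mint_authorized_token(key: bytes, session_id: str) -> str:
    """Fresh random nonce plus an HMAC over (session_id, nonce).

    Binding the tag to the session id means the cookie value only verifies
    when presented alongside the session it was issued for.
    """
    nonce = secrets.token_hex(16)
    tag = hmac.new(key, f"{session_id}.{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_authorized_token(key: bytes, session_id: str, token: str) -> bool:
    """Recompute the tag for this session and compare in constant time."""
    nonce, sep, tag = token.partition(".")
    if not sep or not nonce or not tag:
        return False
    expected = hmac.new(key, f"{session_id}.{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def rotate_csrf_token_in_response(key: bytes, request_cookies: dict, resp: Response) -> str:
    """Double-Submit Cookie rotation, mirroring the documented behaviour.

    Requires the session id cookie; sets a fresh authorized token cookie and
    expires any anonymous token cookie carried over from before login.
    Returns the minted token so the caller can also echo it into the page.
    """
    session_id = request_cookies.get(SESSION_COOKIE)
    if not session_id:
        raise BadRequest("session id cookie is required for Double-Submit Cookie rotation")

    token = mint_authorized_token(key, session_id)
    # Not HttpOnly: the double-submit pattern needs the client to read it back
    # into a header or form field; the HMAC is what protects its integrity.
    resp.set_cookies[AUTH_COOKIE] = (token, TOKEN_TTL_SECONDS)

    if ANON_COOKIE in request_cookies:
        resp.set_cookies[ANON_COOKIE] = ("", 0)  # expire the pre-login marker
    return token


if __name__ == "__main__":
    # Constructed demo: a just-authenticated request still carrying its anonymous token.
    key = secrets.token_bytes(32)
    resp = Response()
    token = rotate_csrf_token_in_response(key, {SESSION_COOKIE: "sess-A", ANON_COOKIE: "old"}, resp)
    print("verifies for sess-A:", verify_authorized_token(key, "sess-A", token))
    print("verifies for sess-B:", verify_authorized_token(key, "sess-B", token))
    print("cookies set:", resp.set_cookies)
```

Calling the function twice for the same session yields two different tokens, which is the rotation the description refers to; the earlier one still verifies until its cookie expires, so a deployment that needs strict single-use semantics would track the current nonce server-side, which is the Synchronizer Token variant the page also describes.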