Hello friends,
After upgrading to SMP3 SP10 (previously it was SMP3 SP03), our web and mobile applications started to behave strangely. After debugging, I found that the X-CSRF token is not coming on every call (previously the token would come on every call, because we have been using these apps for the last two years). After going a little deeper, I found that the X-CSRF token comes on the first call, but on further calls to get the token it does not come in the response header for a period of time. If I try again after some time (duration - I don't know exactly), I receive the X-CSRF token again.
Our URL is calling Integration Gateway.
If I save the token in local storage and use it in the cases when the token does not come from the server, this trick also does not work every time.
So I want to ask whether this is because of the upgrade or something else. Do I need to change something in the coding or configuration?
Is it the standard behavior that the server does not issue an X-CSRF token for every call, and instead issues a token for a particular time (session)? If it is standard behavior, then what should I do to make a POST call to the server?
Is there any relationship between IAS-RS-Set-Cookie and X-CSRF-Token which I need to consider in coding?
I have gone through so many threads and documents, but I'm not able to identify the root cause of the problem.
Cross-Site Request Forgery Protection - SAP Gateway Foundation (SAP_GWFND) - SAP Library
Current code -
    var x_csrf_token; // reused for later POST calls

    var request = {
        headers : {
            // object that contains HTTP headers as name value pairs
            "Authorization" : "Basic " + btoa(user_name + ":" + pass_word),
            "X-CSRF-Token" : "Fetch" // ask the server to return a CSRF token
        },
        requestUri : requestUri1, // OData endpoint URI
        method : "GET",
        datatype : "json"
    };

    OData.read(request,
        function (data, response) {
            var globalTocken;
            x_csrf_token = response.headers["X-CSRF-Token"];
            if (typeof x_csrf_token !== "undefined") {
                // the server returned a token: cache it in local storage
                globalTocken = x_csrf_token;
                localStorage.removeItem("savedTocken");
                localStorage.setItem("savedTocken", globalTocken);
            } else {
                // no token in this response: fall back to the cached one
                globalTocken = localStorage.savedTocken;
                x_csrf_token = globalTocken;
            }
        }
    );