Good day, i am kinda stuff with something like this, i have csrf token parameter in my request and a token, if i remove the token and set any string, it gets set as the cookie in the response any hint on how to exploit this?