Bug 37553: Use CSRF token for authenticated session for POSTing

This change fixes the Koha::SVC to store the CSRF token for
the authenticated session for further POSTing.

Test plan:
0. Apply the patch
1. perl ./misc/migration_tools/koha-svc.pl \
    http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml
2. perl ./misc/migration_tools/koha-svc.pl \
    http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml
3. Note that the following appears in STDOUT and there is no 403 error:
"update 29 from bib-29.xml"

Signed-off-by: David Nind <david@davidnind.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
This commit is contained in:
David Cook 2024-08-02 01:37:40 +00:00 committed by Katrin Fischer
parent 6c6982b983
commit eabd792ee9
Signed by: kfischer
GPG key ID: 0EF6E2C03357A834

@ -107,7 +107,6 @@ sub new {
my $get_resp = $ua->get("$url/authentication");
my $csrf_token = $get_resp->header('CSRF-TOKEN');
$self->{csrf_token} = $csrf_token;
my $resp = $ua->post(
"$url/authentication",
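Review bot: The `$ua->get("$url/authentication")` at the top of this hunk is never checked for success before `$get_resp->header('CSRF-TOKEN')` is read, so a failed request or a response without that header leaves `$csrf_token` undefined with no diagnostic at the point of failure. Consider adding `die $get_resp->status_line unless $get_resp->is_success;` directly after the get, mirroring the check already applied to `$resp` further down, and dying with a clear message when the header is absent.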
@ -115,6 +114,10 @@ sub new {
);
die $resp->status_line unless $resp->is_success;
#NOTE: A successful authentication means we have a new CGISESSID and a new CSRF Token
$csrf_token = $resp->header('CSRF-TOKEN');
$self->{csrf_token} = $csrf_token;
warn "# $user $url = ", $resp->decoded_content, "\n" if $self->{debug};
$self->{ua} = $ua;
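Review bot: The `$csrf_token = $resp->header('CSRF-TOKEN');` line after the `is_success` check stores whatever the header lookup returns, including undef when the authentication response carries no CSRF-TOKEN header. In that case `$self->{csrf_token}` is silently undefined and the problem would only show up as the 403 the test plan is meant to rule out, on a later POST. Suggest failing at this point instead, for example `die "no CSRF-TOKEN header in authentication response" unless defined $csrf_token;`, so a missing token is reported where it happens. The test plan is manual only; a regression test that asserts the stored token is the post-login one would keep this from breaking again.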