How are CSRF tokens stored on the server side ( by spring security or tomcat)

Question

This question is not about how CSRF tokens works, but is rather about they are stored on the server side.
In short, CSRF tokens are generated by server and injected in