i have some question about
Access token is one of protection patterns against CSRF attack. CSRF stands for Cross-site Request Forgery. It is deeply explained here:
Especially take a look at Examples section and Prevention section.
In simple words this attack for example steals request with login information and lets intruder login in any time. If you have access token that is gone after session is gone or after opening the form another time, you are protected. I encourage you to read the article above.
I hope this helped.