CSRF
Vitaliy Semyanchuk, 2014-01-29 14:22:25

How to protect yourself from CSRF?

Good afternoon.
I want to protect myself from CSRF. I read up on it and decided to make a hidden field, generate a token there, save it to the session, and then check it on the server against what came in. Only one thing worries me: won't a request that comes from an attacker, for example from an iframe, have the session that is created when the form appears?


1 answer(s)
@barmaley_exe, 2014-01-29

It can and will have a correct session, but an attacker will not be able to supply the correct token (the one matching what is recorded in the session) in the form, because he has no way to learn it.
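The check discussed in this thread, as an added example that is not part of the original question or answer: a server-side token bound to the session, verified on POST, run against a genuine submission and two cross-site submissions that carry the session cookie but not the token. The names `SESSIONS`, `open_form`, `handle_post` and `demo`, and the in-memory session store, are assumptions made for illustration.

```python
import hmac
import secrets

SESSIONS = {}  # hypothetical in-memory store: session id -> session data


def open_form(session_id=None):
    """Render the form: create the session if needed and bind a fresh token to it."""
    if session_id not in SESSIONS:
        session_id = secrets.token_urlsafe(16)
        SESSIONS[session_id] = {}
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["csrf_token"] = token
    # The token is only ever written into the hidden field of the served page.
    return session_id, token


def handle_post(cookie_session_id, form):
    """Accept the POST only if the hidden field matches the token in the session."""
    session = SESSIONS.get(cookie_session_id)
    if session is None:
        return "403 no session"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not isinstance(supplied, str):
        return "403 missing token"
    # Constant-time comparison, so timing does not reveal how close a guess was.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "403 token mismatch"
    return "200 ok"


def demo():
    sid, token = open_form()
    # Genuine submission: the browser sends the cookie and the hidden field.
    legit = handle_post(sid, {"email": "me@example.com", "csrf_token": token})
    # Cross-site submission: the browser attaches the same session cookie,
    # but the foreign page cannot read the token, so it is absent or guessed.
    forged_blank = handle_post(sid, {"email": "x@example.com"})
    guess = secrets.token_urlsafe(32)
    forged_guess = handle_post(sid, {"email": "x@example.com", "csrf_token": guess})
    return legit, forged_blank, forged_guess


if __name__ == "__main__":
    print(demo())
```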
