Answer the question
In order to leave comments, you need to log in
Where to store the contents of the CSRF token in the Backbone client?
We have a RESTful API on Slim Framework (PHP) and a standalone client on Backbone.
For authentication and CSRF protection, it is supposed to use two tokens - Auth-token and CSRF-Token.
Auth-token creates and encrypts the server, after which it returns to the client once upon login. The client stores the encrypted Auth token in cookies and sends it to the server on every request using Backbone.Sync.
The CSRF token, in turn, does not make sense to save in cookies.
It is supposed to create a hidden field with the contents of the CSRF token in each form, or attach it to each request via Backbone.Sync.
But where to store its contents, which will be transmitted by the server again when logging in? What mechanism is used here?
Answer the question
In order to leave comments, you need to log in
It is most accurate to store it in sessionStorage, then the browser itself guarantees that the token will be saved when leaving the page, the only problem in this case is the need to log in the user on each new opened page (tabe).
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question