Saturday, May 12, 2018

Cross Site Request Forgery with Synchronizer Token Patterns



An anti-CSRF token is generated, stored in the user's session, and placed in a hidden field of every form rendered afterwards. On every submit, the server checks that the token held in the session matches the one submitted with the form; a request forged from another site cannot carry the correct value, so it is rejected.

How to implement

For ease of implementation, you can download my source code from the link below.

https://github.com/tharushi-pushpakumara/Cross-site-Request-Forgery-with-Synchronizer-Token-Patterns

Basically we need three PHP files.

  1. control.php
  2. index.php
  3. logout.php

index.php

This is the main page, and its PHP code validates the credentials.


When the user clicks the login button, the site redirects to another web page where the user needs to provide some details. I have named it control.php. This PHP file generates the CSRF token, stores it in the session, and checks it when the form is submitted.
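As an added example (not the post's own code or the code in the GitHub repository above), here is how control.php can issue the token, embed it in the hidden field, and verify it on submit. It assumes index.php has set $_SESSION['user'] after validating the credentials; that session key is an assumption, not something the post specifies.

```php
<?php
// Added example of the synchronizer token pattern in a single control.php.
// Assumption: index.php sets $_SESSION['user'] once the credentials are valid.
session_start();

// Never issue or accept a token without an authenticated session.
if (empty($_SESSION['user'])) {
    header('Location: index.php');
    exit;
}

// One cryptographically random token per session, reused by every form.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 64 hex characters
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submitted = $_POST['csrf_token'] ?? '';
    // is_string() rejects array tricks such as csrf_token[]=x; hash_equals()
    // compares in constant time so the token cannot be recovered via timing.
    if (!is_string($submitted) || !hash_equals($_SESSION['csrf_token'], $submitted)) {
        http_response_code(403);
        exit('CSRF token mismatch: request rejected.');
    }
    // Token verified: the form was rendered by this server for this session.
    $name = htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "<p>Details saved for {$name}.</p>";
}
?>
<form method="post" action="control.php">
  <label>Name: <input type="text" name="name"></label>
  <!-- The token travels in the form body; the browser's cookies alone are not enough. -->
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Save</button>
</form>
```

logout.php should call session_destroy() so the token dies with the session rather than outliving the login.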

This is one way to be protected from CSRF attacks. The double submit cookie pattern is another way to be protected from this type of attack.
