Prevent Cross-site request forgery - Never Rely on The SessionID Sent to Your Server in The Cookie H

Posted by Yan Cheng CHEOK on Stack Overflow See other posts from Stack Overflow or by Yan Cheng CHEOK
Published on 2010-04-05T16:40:26Z Indexed on 2010/04/05 16:43 UTC
Read the original article Hit count: 306

Filed under:
|

I am reading the tutorial at

http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ

It states

Remember - you must never rely on the sessionID sent to your server in the cookie header ; look only at the sessionID that your GWT app sends explicitly in the payload of messages to your server.

Is it use to prevent http://en.wikipedia.org/wiki/Cross-site_request_forgery#Example_and_characteristics

With this mythology, is it sufficient enough to prevent to above attack?

© Stack Overflow or respective owner

Related posts about gwt

Related posts about security