PHP - CSRF - How to make it work in all tabs?
Posted by Erik Persson on Stack Overflow
Published on 2010-04-22T23:10:16Z
Hi there,
I have read about how to prevent CSRF attacks in the last few days. I am going to update the token on every page load, save the token in the session and make a check when submitting a form.
But what if the user has, let's say, 3 tabs open with my website, and I just store the last token in the session? This will overwrite the token with another token, and some POST action is going to fail.
Do I need to store all tokens in the session, or is there a better solution to get this working?
Best regards, Erik Persson
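
One way to keep forms working across several tabs, as an added example that is not part of the original post: keep a bounded pool of one-time tokens in the session instead of only the last one. `$session` stands in for `$_SESSION` so the script runs from the CLI; the function names and the cap of 20 tokens are assumptions.

```php
<?php
// Added example (PHP 7+). $session stands in for $_SESSION so this runs from the CLI.
const MAX_TOKENS = 20; // assumed cap on outstanding tokens per session

// Called on every page load that renders a form: adds a token instead of overwriting.
function csrf_issue(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf_tokens'][$token] = time();
    // Bound session growth: keep only the newest MAX_TOKENS entries.
    if (count($session['csrf_tokens']) > MAX_TOKENS) {
        $session['csrf_tokens'] = array_slice($session['csrf_tokens'], -MAX_TOKENS, null, true);
    }
    return $token;
}

// Called on form submission: accepts any outstanding token once, then retires it.
function csrf_consume(array &$session, string $submitted): bool
{
    foreach (array_keys($session['csrf_tokens'] ?? []) as $token) {
        // hash_equals compares in constant time; array keys are cast back to string.
        if (hash_equals((string) $token, $submitted)) {
            unset($session['csrf_tokens'][$token]);
            return true;
        }
    }
    return false;
}

// Constructed scenario: three tabs each load a form, then submit out of order.
$session = [];
$tabA = csrf_issue($session);
$tabB = csrf_issue($session);
$tabC = csrf_issue($session);

$checks = [
    'tab C (newest token)'  => csrf_consume($session, $tabC),
    'tab A (oldest token)'  => csrf_consume($session, $tabA),
    'tab A again (replay)'  => csrf_consume($session, $tabA),
    'value not in the pool' => csrf_consume($session, str_repeat('0', 64)),
    'tab B'                 => csrf_consume($session, $tabB),
];
foreach ($checks as $label => $ok) {
    printf("%-24s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

A tab whose token has been pushed out of the pool by more than `MAX_TOKENS` later page loads will still fail and needs a fresh form; a single token generated once per session and reused in every form avoids that at the cost of not being one-time.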
© Stack Overflow or respective owner