PHP session token can be used multipletimes?
Posted
by
kornesh
on Stack Overflow
See other posts from Stack Overflow
or by kornesh
Published on 2011-01-17T20:51:34Z
Indexed on
2011/01/17
20:53 UTC
Read the original article
Hit count: 137
I got page A which is a normal HTML page and page which is an AJAX response page. And I want to prevent CSRF attacks by tokens. Lets say I use this method for an autocomplete form, is it possible to use same token multiple times (of course the session is only set one time) because i tired this method but the validation keep failing after the first suggestion (obviously the token has changed, somehow)
page A
<?php
session_start();
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
?>
<input id="token" value="<?php echo $token; ?>" type="hidden"></input>
<input id="autocomplete" placeholder="Type something"></input>
....
The form is autosubmitted every time theres a change using Jquery.
page B
<?php
session_start();
if($_REQUEST['token'] == $_SESSION['token']){
echo 'Im working fine';
}
?>
© Stack Overflow or respective owner