PHP session token can be used multipletimes?

Posted by kornesh on Stack Overflow See other posts from Stack Overflow or by kornesh
Published on 2011-01-17T20:51:34Z Indexed on 2011/01/17 20:53 UTC
Read the original article Hit count: 139

Filed under:
|
|
|

I got page A which is a normal HTML page and page which is an AJAX response page. And I want to prevent CSRF attacks by tokens. Lets say I use this method for an autocomplete form, is it possible to use same token multiple times (of course the session is only set one time) because i tired this method but the validation keep failing after the first suggestion (obviously the token has changed, somehow)

page A

<?php
session_start();
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
?>
<input id="token" value="<?php echo $token; ?>" type="hidden"></input>
<input id="autocomplete" placeholder="Type something"></input>
....

The form is autosubmitted every time theres a change using Jquery.

page B

<?php
session_start();
if($_REQUEST['token'] == $_SESSION['token']){
echo 'Im working fine';
}
?>

© Stack Overflow or respective owner

Related posts about php

Related posts about jQuery