Preventing CSRF?

The easiest way I found to prevent CSRF issues is:

  1. On the server side, assign an HttpOnly cookie to the client with a random (unguessable) token

  2. Place a hidden field on the form with that cookie value

  3. Upon form submit, ensure the hidden field value equals the cookie value (on the server side of things)

Tags:

Csrf

Recent Posts