CSRF protection via Double Submit Cookie
Here we have another method of CSRF protection, called the double submit cookie.
First, we have to generate a session identifier and set it as a cookie in the browser. At the same time, we need to generate the CSRF token for the session and set it as a cookie in the browser as well.
Then we have to implement an HTML form that uses the POST method, and its action should be another URL on the website (Server.php).
After that, run JavaScript that reads the CSRF token cookie value in the browser. Then add that value to the HTML form as a hidden field by modifying the DOM.
When the form is submitted to the action, the CSRF token cookie is sent with the request, and the CSRF token value is also sent in the form body. For this I have implemented a function called loginvaidator, which checks the cookie values.
After this, we need to call the function when the user clicks the submit button.
Please visit my GitHub page for the source code - here
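The steps above as one runnable sketch. This is an added example, not the code from the GitHub repository, and it is written in JavaScript for Node.js rather than the post's PHP. The cookie and field name `csrf_token`, the `session_id` cookie and every function name here are assumptions.

```javascript
// Added example (not the post's code); "csrf_token" and all function names are assumptions.
const nodeCrypto = require("node:crypto");

// Step 1: generate the per-session CSRF token and its Set-Cookie header.
// The cookie is deliberately not HttpOnly, because page script must read it.
function issueCsrfCookie() {
  const token = nodeCrypto.randomBytes(32).toString("hex");
  return { token, setCookie: `csrf_token=${token}; Path=/; Secure; SameSite=Lax` };
}

// Parse a Cookie header (or a document.cookie string) into name -> value.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of String(header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Step 3, as the browser script would do it: copy the cookie value into the
// hidden form field. `fields` stands in for the form's inputs.
function fillHiddenField(documentCookie, fields) {
  return { ...fields, csrf_token: parseCookies(documentCookie).csrf_token || "" };
}

// Step 4: the server-side check. Both copies must be present, non-empty
// strings and equal; the comparison itself is constant-time.
function isValidCsrf(cookieHeader, body) {
  const fromCookie = parseCookies(cookieHeader).csrf_token;
  const fromBody = body ? body.csrf_token : undefined;
  if (typeof fromCookie !== "string" || typeof fromBody !== "string" || !fromCookie) return false;
  const a = Buffer.from(fromCookie), b = Buffer.from(fromBody);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Constructed requests: a same-site submit, and cross-site forgeries where the
// browser attaches the cookie but the other site's page cannot read its value.
function demo() {
  const { token } = issueCsrfCookie();
  const cookieHeader = `session_id=constructed-session; csrf_token=${token}`;
  const genuine = fillHiddenField(cookieHeader, { user: "alice" });
  return {
    genuine: isValidCsrf(cookieHeader, genuine),
    forgedNoField: isValidCsrf(cookieHeader, { user: "alice" }),
    forgedGuess: isValidCsrf(cookieHeader, { csrf_token: "0".repeat(64) }),
    bothMissing: isValidCsrf("session_id=constructed-session", {}),
  };
}
```

The `bothMissing` case is the one a plain equality check gets wrong: when neither the cookie nor the field is present, two undefined values compare as equal unless the check requires both to be non-empty strings first.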