Welcome Guest, Not a member yet? Register   Sign In
CSRF and double posting
#9

Ah, I think the clouds have lifted (finally). And of course they are all very different things.

1. CSRF
Yes, the CSRF token has to be posted in the form and then compared to the cookie, to see if the source of the form is genuine or not. If the source is not genuine they will not match. This has nothing to do with authorization or sessions.

2. Double clicking
Double clicking or double posting has nothing to do with CSRF. It is an entirely separate issue.

3. Sessions
Sessions are purely about authorisation and have nothing to do with authentication or csrf.

4. Authentication
Has nothing to do with authorisation, csrf or double clicking :-)

I never realized before how important cookies actually are, and how important browser security of those cookies is either.

Anyway, I am much clearer on the whole issue now, thanks Skunkbad for your input, comments and thoughts. I am really quite delighted with Firefox now and have made it my default. Will do the same in the office tomorrow.

Best wishes,

Paul.
Reply


Messages In This Thread
CSRF and double posting - by PaulD - 06-18-2016, 11:03 PM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 12:05 AM
RE: CSRF and double posting - by John_Betong - 06-20-2016, 09:25 PM
RE: CSRF and double posting - by skunkbad - 06-20-2016, 10:55 PM
RE: CSRF and double posting - by PaulD - 06-19-2016, 12:43 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 01:00 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 03:19 AM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 09:30 AM
RE: CSRF and double posting - by PaulD - 06-19-2016, 03:06 PM
RE: CSRF and double posting - by skunkbad - 06-19-2016, 03:35 PM
RE: CSRF and double posting - by PaulD - 06-19-2016, 05:59 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 11:18 AM
RE: CSRF and double posting - by Narf - 06-20-2016, 12:26 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 12:37 PM
RE: CSRF and double posting - by Narf - 06-20-2016, 01:49 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 02:32 PM
RE: CSRF and double posting - by PaulD - 06-20-2016, 01:46 PM
RE: CSRF and double posting - by PaulD - 06-20-2016, 04:02 PM
RE: CSRF and double posting - by spjonez - 06-20-2016, 07:00 PM
RE: CSRF and double posting - by Narf - 06-21-2016, 03:38 AM
RE: CSRF and double posting - by spjonez - 06-21-2016, 08:54 AM
RE: CSRF and double posting - by Narf - 06-22-2016, 05:14 AM
RE: CSRF and double posting - by Martin7483 - 06-23-2016, 03:35 AM



Theme © iAndrew 2016 - Forum software by © MyBB