Welcome Guest, Not a member yet? Register   Sign In
Storing previous URL as session data
#5

[eluser]crikey[/eluser]
Thanks n0xie, I see what you mean (just did some reading on CSRF).

Question: is it possible that the same exploit could happend using CSRF, given that POST requests can also be made via an AJAX call?

I'm doing checks to make sure the user is logged in and the item being deleted belongs to the logged in user.

Thanks,
Grant


Messages In This Thread
Storing previous URL as session data - by El Forum - 04-13-2010, 01:36 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 01:50 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:33 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:39 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 03:51 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 05:30 AM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:18 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 02:35 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 03:17 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 08:50 PM
Storing previous URL as session data - by El Forum - 04-13-2010, 11:12 PM
Storing previous URL as session data - by El Forum - 04-14-2010, 03:19 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 08:31 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 08:59 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:12 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:38 AM
Storing previous URL as session data - by El Forum - 04-14-2010, 09:53 AM



Theme © iAndrew 2016 - Forum software by © MyBB