CSRF regenerate with AJAX
#11

(02-06-2023, 10:44 PM)SubrataJ Wrote: Everything is cool but this still sucks when you are working on more than 1 tab.
I imagine you can use a setInterval function in JavaScript to retrieve a fresh version of the token in whichever tab you are working in... OR
BEFORE submitting the form (ev.preventDefault()), you can call the function described above - or better yet, its vanilla JavaScript version - when I wrote it I used to use jQuery - but I definitely advise not to use it in this day and age.
You can see things I made with CodeIgniter here: itart.pro. It's not overly impressive as I have very little time to learn.
#12

I'd suggest looking into the original security concept behind CSRF... I suspect accepting a request from any "used" token (when requesting the 2nd, 3rd, ... nth "fresh version" / new token) will compromise some of the original intent (and security) by breaking the singularity of the "active" thread between the client and the server which the CSRF tokens afford... though, perhaps it may still be good enough for some use-cases(?).
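
Added example, not part of the thread and not CodeIgniter's code: a small Node.js model of the two-tab case from post #11 that keeps the single active token post #12 is concerned about. The `Session` and `Tab` classes and the token-fetch endpoint they stand for are hypothetical; the endpoint returns the current token without rotating it, so a token that has already been used is never accepted again.

```javascript
// Added example: a constructed model, not CodeIgniter's code.
const crypto = require('crypto');

// One session holds exactly one active CSRF token, rotated after each accepted POST.
class Session {
  constructor() { this.rotate(); }
  rotate() { this.token = crypto.randomBytes(16).toString('hex'); }
  // Hypothetical same-origin GET endpoint: hands out the CURRENT token and
  // does not rotate, so tokens that were already used stay dead.
  currentToken() { return this.token; }
  // POST handler: constant-time comparison, rotate only on success.
  post(submitted) {
    const a = Buffer.from(String(submitted));
    const b = Buffer.from(this.token);
    if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return 403;
    this.rotate();
    return 200;
  }
}

// A tab caches the token that was rendered into its hidden form field.
class Tab {
  constructor(session) { this.session = session; this.hidden = session.currentToken(); }
  submit() { return this.session.post(this.hidden); }
  // The suggestion from post #11: refresh the field right before submitting.
  refreshThenSubmit() { this.hidden = this.session.currentToken(); return this.submit(); }
}

function twoTabScenario() {
  const session = new Session();
  const tab1 = new Tab(session);
  const tab2 = new Tab(session);            // both tabs rendered with the same token
  const usedToken = tab1.hidden;
  return {
    firstSubmit: tab1.submit(),             // 200, token rotates
    staleSubmit: tab2.submit(),             // 403, tab 2 still holds the old token
    afterRefresh: tab2.refreshThenSubmit(), // 200
    replayOfUsed: session.post(usedToken),  // 403, used token is not revived
  };
}

console.log(twoTabScenario());
```

In a browser the refresh step would be a same-origin request, and the endpoint that serves the token must not be readable cross-origin (for example through a permissive CORS policy with credentials), since any page that can read the token can forge the request.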