Advanced CSRF and Stateless Anti-CSRF - owasp
The 3rd Submit
• The server sets an HttpOnly cookie with a random name and random value
• The server tells the client the value of the random cookie, not the name
• The client submits the value of the cookie as a request parameter
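
The three steps above, written out as an added Python sketch (not code from the original slides). The `csrf_` name prefix, the function names, and the server-side rule "exactly one prefixed cookie, equal to the parameter" are assumptions made so that a stateless server can locate its randomly named cookie; the slide itself does not specify the validation step.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Assumption: a fixed prefix lets a stateless server recognise its own
# randomly named cookie without storing the name anywhere.
PREFIX = "csrf_"

def issue_token():
    """Return (Set-Cookie header value, value to embed in the page)."""
    name = PREFIX + secrets.token_hex(8)   # random name, never told to the client
    value = secrets.token_urlsafe(32)      # random value, told to the client
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["httponly"] = True        # page script cannot read name or value
    cookie[name]["secure"] = True          # assumption: site is served over HTTPS
    cookie[name]["path"] = "/"
    return cookie[name].OutputString(), value

def verify(cookie_header, submitted):
    """Check the request parameter against the randomly named cookie.

    The Cookie header is parsed by hand so every pair is counted; a second
    prefixed cookie (for example one planted from another subdomain) makes
    the request fail instead of silently overriding the real one.
    """
    pairs = [p.strip().partition("=") for p in cookie_header.split(";") if p.strip()]
    candidates = [v for n, _, v in pairs if n.startswith(PREFIX)]
    if len(candidates) != 1 or not submitted:
        return False
    # Constant-time comparison of cookie value and submitted parameter.
    return hmac.compare_digest(candidates[0].encode(), submitted.encode())

if __name__ == "__main__":
    set_cookie, page_value = issue_token()
    print("Set-Cookie:", set_cookie)
    browser_cookie = set_cookie.split(";")[0]            # constructed request
    print("legitimate submit:", verify(browser_cookie, page_value))
    print("forged submit:    ", verify(browser_cookie, "guess"))
```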