Advanced CSRF and Stateless Anti-CSRF - owasp
• The 3rd Submit
  The server sets an httpOnly cookie with a random name and a random value:
  response.setHeader("Set-Cookie", randomName + "=" + randomValue + "; HttpOnly; path=/; domain=.1-liner.org");
• The server tells the client the name and value of the random cookie
• The client submits the name and value of the cookie as a request parameter
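The three steps above, carried through as an added worked example (not code from the slide deck or from OWASP). It simulates both sides in Python instead of a Java servlet: the server mints a cookie with a random name and random value, hands the pair to the client in a hidden form field because the HttpOnly flag keeps script from reading the cookie, and on the protected request checks, without any server-side state, that a parameter named after the cookie carries the cookie's value. The `csrf_` name prefix, the `/transfer` action and the helper names are assumptions for the demo; the domain is the one on the slide.

```python
import hmac
import re
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlencode

# Constructed for the demo: the prefix lets the server recognise its own
# CSRF cookies among whatever else the browser sends; the domain is from the slide.
COOKIE_PREFIX = "csrf_"
COOKIE_DOMAIN = ".1-liner.org"


def issue_csrf_cookie():
    """Step 1 (server): mint a cookie with a random name and a random value.

    Returns the Set-Cookie header value and the name/value pair so the page
    can be rendered. Nothing is stored server-side, so the check is stateless.
    """
    name = COOKIE_PREFIX + secrets.token_hex(8)
    value = secrets.token_urlsafe(32)
    header = f"{name}={value}; HttpOnly; Path=/; Domain={COOKIE_DOMAIN}"
    return header, name, value


def render_form(name, value):
    """Step 2 (server): tell the client the cookie's name and value.

    The cookie is HttpOnly, so the page body carries the pair in a hidden
    field named after the cookie and holding the cookie's value.
    """
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="{name}" value="{value}">'
        '<input type="submit"></form>'
    )


def client_submit(set_cookie_header, form_html):
    """Step 3 (browser, simulated): store the cookie, then submit the hidden
    field as a request parameter. Returns (Cookie header, urlencoded body)."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    cookie_header = "; ".join(f"{k}={m.value}" for k, m in jar.items())
    field = re.search(r'name="([^"]+)" value="([^"]+)"', form_html)
    body = urlencode({field.group(1): field.group(2)})
    return cookie_header, body


def verify_request(cookie_header, body):
    """Server check on the protected request: some CSRF cookie must be echoed
    back as a parameter with an identical value.

    A form hosted on another origin is sent the cookie automatically but its
    author never learned the random name or value, so it cannot supply a
    matching parameter and the request is rejected.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    params = {k: v[0] for k, v in parse_qs(body).items()}
    for name, morsel in jar.items():
        if not name.startswith(COOKIE_PREFIX):
            continue
        sent = params.get(name)
        if sent is not None and hmac.compare_digest(sent, morsel.value):
            return True
    return False


def run_demo():
    """Legitimate submit passes; a cross-site submit that only rides on the
    cookie (no matching parameter) fails."""
    header, name, value = issue_csrf_cookie()
    cookie_header, body = client_submit(header, render_form(name, value))
    return {
        "legitimate": verify_request(cookie_header, body),
        "forged": verify_request(cookie_header, "amount=100&to=attacker"),
    }


if __name__ == "__main__":
    print(run_demo())
```

The comparison uses `hmac.compare_digest` so the value check does not leak timing information, and the server only trusts cookies carrying its own prefix so unrelated cookies on the domain are ignored.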