Advanced CSRF and Stateless Anti-CSRF - owasp
The 3rd Submit
• The server sets an httpOnly cookie with a random name and random value
• The server tells the client the name and value of the random cookie:
  <script> var ANTI_CSRF_TRIPLE = ; </script>
• The client submits the name and value of the cookie as a request parameter
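
The three steps above, sketched as server-side Node.js code. This is an added example, not code from the slides: the function names, the `csrf_` cookie-name prefix and the `name:value` encoding of the submitted parameter are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const PREFIX = "csrf_"; // assumption: namespace for the random-name cookies

// Step 1: create an httpOnly cookie with a random name and a random value.
function issueTriple() {
  const name = PREFIX + crypto.randomBytes(8).toString("hex");
  const value = crypto.randomBytes(32).toString("hex");
  return {
    name,
    value,
    setCookie: `${name}=${value}; HttpOnly; Path=/`,
    // Step 2: the string the server embeds in the page for the client to
    // submit later (the "name:value" encoding is an assumption).
    pageToken: `${name}:${value}`,
  };
}

// Parse a Cookie request header into a Map of name -> value.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Compare two strings without leaking the position of the first mismatch.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Step 3: the submitted parameter must name a cookie the browser actually
// sent, and carry that cookie's value.
function verifyTriple(cookieHeader, param) {
  if (typeof param !== "string") return false;
  const i = param.indexOf(":");
  if (i <= 0) return false;
  const name = param.slice(0, i), value = param.slice(i + 1);
  // Reject names outside the token namespace so that an unrelated cookie
  // cannot stand in for the anti-CSRF cookie.
  if (!name.startsWith(PREFIX) || value.length === 0) return false;
  const cookieValue = parseCookies(cookieHeader).get(name);
  return cookieValue !== undefined && constantTimeEqual(cookieValue, value);
}
```

No token is stored on the server: the check only compares what the browser sent as a cookie with what the page submitted as a parameter.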