[OWASP-Bangalore] Need help on CSRF

• Previous message: [OWASP-Bangalore] [null] Application Pent Test Process query
• Next message: [OWASP-Bangalore] Need help on CSRF
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hey Guys,

I have a small confusion, CSRF Token is used to make sure that the request
is generated for the same domain right and CSRF tokens are generated
dynamically for each request. Am I right on this?

In that case what are the disadvantages/impact of having CSRF token created
once during a log in and the same token is used through out the session.

Thanks in advance! :)

-- 
Regards,
Nagasahas Dasa
Mobile: +91-9900027100
Blog: http://solidmonster.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20140521/682c7085/attachment.html>

• Previous message: [OWASP-Bangalore] [null] Application Pent Test Process query
• Next message: [OWASP-Bangalore] Need help on CSRF
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]