[OWASP-Bangalore] Need help on CSRF
nagasahas at gmail.com
Wed May 21 11:16:26 UTC 2014
I have a small confusion. A CSRF token is used to make sure that the request
is generated for the same domain, right? And CSRF tokens are generated
dynamically for each request. Am I right on this?
In that case, what are the disadvantages/impact of having a CSRF token created
once during a login and the same token used throughout the session?
Thanks in advance! :)