[OWASP-Bangalore] Need help on CSRF

Nagasahas Dasa nagasahas at gmail.com
Wed May 21 11:16:26 UTC 2014


Hey Guys,

I have a small confusion: a CSRF token is used to make sure that the request
is generated for the same domain, right, and CSRF tokens are generated
dynamically for each request. Am I right on this?

In that case, what are the disadvantages/impact of having a CSRF token created
once during login and the same token used throughout the session?

Thanks in advance! :)

-- 
Regards,
Nagasahas Dasa
Mobile: +91-9900027100
Blog: http://solidmonster.com
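
The two token lifetimes the question contrasts, as an added example that is not part of the original post: `CsrfTokens` and `replay_results` are hypothetical names, and the in-memory store stands in for real session storage. It shows the observable difference: a per-session token is accepted on every request for the life of the session, while a per-request token is accepted once.

```python
import hmac
import secrets


class CsrfTokens:
    """Server-side CSRF token store for one login session (hypothetical)."""

    def __init__(self, per_request: bool):
        self.per_request = per_request
        self._session_token = secrets.token_urlsafe(32)  # minted once at login
        self._pending = set()  # outstanding single-use tokens

    def issue(self) -> str:
        """Return the token to embed in the next form the server renders."""
        if not self.per_request:
            return self._session_token
        token = secrets.token_urlsafe(32)
        self._pending.add(token)
        return token

    def verify(self, submitted: str) -> bool:
        """Check the token sent with a state-changing request."""
        sent = submitted.encode()
        if not self.per_request:
            return hmac.compare_digest(sent, self._session_token.encode())
        # Single use: the first request carrying a token consumes it.
        for token in self._pending:
            if hmac.compare_digest(sent, token.encode()):
                self._pending.remove(token)
                return True
        return False


def replay_results(per_request: bool) -> list:
    """Submit one issued token twice, then a token the server never issued."""
    store = CsrfTokens(per_request)
    token = store.issue()
    forged = secrets.token_urlsafe(32)  # constructed: a value from another origin
    return [store.verify(token), store.verify(token), store.verify(forged)]


if __name__ == "__main__":
    print("per-session:", replay_results(per_request=False))
    print("per-request:", replay_results(per_request=True))
```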