[Owasp-csrfguard] question about per-page prevention tokens

uh nonuhmes uhnonuhmes at gmail.com
Mon Oct 17 13:07:14 EDT 2011


hi,

i could be wrong, but it is my understanding that a unique per page token
will only be generated based on the page name (e.g., foo.htm, bar.jsp,
yada.aspx, etc.) but not on the page+params (e.g., foo.htm?p1=1&p2=blah
or foo.htm?p1=1&p2=blahblah). the way i see it, a "unique page" is unique
when page+params are not equal (i.e., current uri vs previous uri), not just
page.

or maybe this topic has already been discussed, and i missed it in my
searches.  if so, forgive me as i am new to this list.

-- norm
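
The two token scopes the message contrasts, as an added example that is not part of the original post and is not OWASP CSRFGuard code: a token store keyed by page name only, next to one keyed by page plus parameters. The class `PageTokenScope`, its methods and the in-memory map are hypothetical, and the two URIs are the post's own examples with a leading slash added.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

// Hypothetical per-session token store (illustration only, not CSRFGuard's implementation).
public class PageTokenScope {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, String> tokens = new HashMap<>();
    private final Function<URI, String> keyOf; // decides what counts as "one page"

    PageTokenScope(Function<URI, String> keyOf) { this.keyOf = keyOf; }

    // Scope 1: page name only; the query string is ignored.
    static String byPath(URI u) { return u.getPath(); }

    // Scope 2: page plus parameters, the definition of "unique page" the post proposes.
    static String byPathAndQuery(URI u) {
        return u.getRawQuery() == null ? u.getPath() : u.getPath() + "?" + u.getRawQuery();
    }

    // Returns the token for this URI's scope key, creating a random one on first use.
    String issue(String uri) {
        return tokens.computeIfAbsent(keyOf.apply(URI.create(uri)), k -> {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Accepts the request only if the presented token matches the one stored for its scope key.
    boolean verify(String uri, String presented) {
        String expected = tokens.get(keyOf.apply(URI.create(uri)));
        if (expected == null || presented == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     presented.getBytes(StandardCharsets.UTF_8)); // constant-time compare
    }

    public static void main(String[] args) {
        String a = "/foo.htm?p1=1&p2=blah", b = "/foo.htm?p1=1&p2=blahblah";
        PageTokenScope perPage = new PageTokenScope(PageTokenScope::byPath);
        PageTokenScope perUri = new PageTokenScope(PageTokenScope::byPathAndQuery);
        System.out.println("page only:   token issued for a accepted on b = " + perPage.verify(b, perPage.issue(a)));
        System.out.println("page+params: token issued for a accepted on b = " + perUri.verify(b, perUri.issue(a)));
    }
}
```

Because the second scope keys on the raw query string, the same parameters in a different order or encoding count as a different page and need their own token.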