[Owasp-csrfguard] Handling Browser Refresh while using CSRF Guard

RajaManickam RajaGounder 2 rrajagounder3 at sapient.com
Mon Jan 27 07:40:20 UTC 2014


Hi,
We have integrated the CSRF Guard security framework in our project. The framework is configured to work on POST requests. It's working well, and we are looking for some help on handling the browser refresh.

The problem description is below.

The user submits the form and there are server-side validation errors. The user is forwarded back to the same page and an error message is displayed at the form field. When the page is refreshed, the previous security token is sent to the server (although a new token is rendered on the page) and the request is identified as a potential security threat. As a result, the user session is invalidated.

Could you please let me know the best practices around handling these scenarios?

Regards,
Raja
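
The refresh behaviour described in the message above, reproduced as an added example that is not part of the original post and is not CSRFGuard code. It is a toy Python model of a per-render token check; all class and function names are hypothetical, and the Post/Redirect/Get contrast is a general web pattern assumed here, not something stated in the message.

```python
import secrets

class Server:
    """Toy model (not CSRFGuard): one session, a new token on every rendered page."""
    def __init__(self, redirect_on_error=False):
        self.redirect_on_error = redirect_on_error
        self.session_valid, self.token, self.errors = True, None, None

    def render_form(self):
        self.token = secrets.token_hex(16)        # previous token is now stale
        return {"status": 200, "token": self.token, "errors": self.errors}

    def handle(self, method, body=None):
        if not self.session_valid:
            return {"status": 403}
        if method == "GET":                       # guard is configured for POST only
            return self.render_form()
        if (body or {}).get("token") != self.token:
            self.session_valid = False            # outcome described in the message
            return {"status": 403}
        self.errors = None if body.get("name") else "name is required"
        if self.errors and self.redirect_on_error:
            return {"status": 303}                # browser follows up with a GET
        return self.render_form()                 # forward back to the same page

class Browser:
    """Remembers the request that produced the displayed page, as refresh does."""
    def __init__(self, server):
        self.server, self.last = server, None

    def request(self, method, body=None):
        resp = self.server.handle(method, body)
        self.last = (method, body)
        if resp["status"] == 303:                 # displayed page now comes from a GET
            return self.request("GET")
        return resp

    def refresh(self):                            # replays the stored request as-is
        return self.request(*self.last)

def scenario(redirect_on_error):
    """Constructed input: submit an invalid form, then refresh. Returns session state."""
    browser = Browser(Server(redirect_on_error))
    form = browser.request("GET")
    browser.request("POST", {"token": form["token"], "name": ""})  # validation fails
    browser.refresh()
    return browser.server.session_valid
```

With the forward, the refresh replays the POST body carrying the first token and the session is dropped; with the redirect, the refresh repeats a GET and the session survives.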


