[Owasp-csrfguard] Handling Browser Refresh while using CSRF Guard

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Mon Jan 27 09:53:13 UTC 2014


Hi Raja,
Could you give me the following:
- CSRFGuard version
- Which application server you use (JBoss, WebSphere, etc.)?
- A copy of a screenshot
- A log from your application server

Thanks.
Azzeddine



On Mon, Jan 27, 2014 at 8:40 AM, RajaManickam RajaGounder 2 <
rrajagounder3 at sapient.com> wrote:

>  Hi,
> We have integrated CSRF Guard security framework in our project. The
> framework is configured to work on POST requests. It's working well, and
> we are looking for some help on handling the browser refresh.
>
>  The problem description is below.
>
>  The user submits the form and there are server side validation errors.
> The user is forwarded back to the same page and an error message is displayed
> at the form field. When the page is refreshed,
> the previous security token is sent to the server (although a new token is
> rendered on the page) and the request is identified as a potential security
> threat. As a result, the user session is invalidated.
>
>  Could you please let me know the best practices around handling these
> scenarios?
>
>  Regards,
> Raja
>
>
>
>
> _______________________________________________
> Owasp-csrfguard mailing list
> Owasp-csrfguard at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-csrfguard
>
>


-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
Enterprise Security Architect
OWASP Leader (Morocco Chapter)
Mozilla Security Projects Mentor
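
The refresh behaviour described in the quoted question, as a toy model added here; it is not CSRFGuard code and not from either poster. It assumes the token is rotated after every accepted POST and that only POST requests are checked; `Session`, `Browser` and both scenario functions are hypothetical names. The second scenario uses the Post/Redirect/Get pattern, where the error page is reached through a redirect so that a refresh replays a GET.

```python
import secrets

class Session:
    """Toy model of per-request token rotation (assumption, not CSRFGuard code)."""
    def __init__(self):
        self.valid = True
        self.token = secrets.token_hex(16)

    def handle(self, method, token=None):
        """Return the token rendered into the response page, or None if rejected."""
        if not self.valid:
            raise RuntimeError("session invalidated")
        if method == "POST":  # only POST is token-checked, as in the thread
            if token is None or not secrets.compare_digest(token, self.token):
                self.valid = False  # behaviour described in the thread
                return None
            self.token = secrets.token_hex(16)  # rotate after each accepted POST
        return self.token

class Browser:
    """Remembers the last request, because a refresh replays it verbatim."""
    def __init__(self, session):
        self.session = session
        self.last = None

    def request(self, method, token=None):
        self.last = (method, token)
        return self.session.handle(method, token)

    def refresh(self):
        return self.session.handle(*self.last)

def refresh_after_forward():
    """Validation error answered by a server-side forward to the form page."""
    s = Session(); b = Browser(s)
    form_token = b.request("GET")
    b.request("POST", form_token)  # accepted; page re-rendered with a new token
    b.refresh()                    # replays the POST with the old token
    return s.valid

def refresh_after_redirect():
    """Validation error answered by a redirect (Post/Redirect/Get)."""
    s = Session(); b = Browser(s)
    form_token = b.request("GET")
    b.request("POST", form_token)  # accepted; server replies with a redirect
    b.request("GET")               # browser follows the redirect to the form
    b.refresh()                    # replays the GET, which is not token-checked
    return s.valid
```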