Monday, May 21, 2018

Double Submit Cookies Using PHP



Double Submit Cookies is another CSRF prevention method. It differs from the last method we talked about (Synchronizer Token): in Double Submit Cookies we use cookies instead of session IDs.










Using JavaScript we can load the CSRF token into a hidden form field. Here too, we check user submissions on the back end. Whenever a user requests a page, he/she gets a totally random value, so it can't be predicted and used to perform exploitation against legitimate users.
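One way to write the back-end side of this check, as an added example that is not the code from the repository linked below. The cookie name, field name and function names are assumptions, and the array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
// Added example: names below are hypothetical, not taken from the linked project.
const CSRF_COOKIE = 'csrf_token'; // assumed cookie name
const CSRF_FIELD  = 'csrf_token'; // assumed hidden form field name

// Create an unpredictable token and hand it to the browser as a cookie.
// HttpOnly stays off: the page's JavaScript has to read the cookie
// in order to copy it into the hidden form field.
function issue_csrf_token(): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    if (PHP_SAPI !== 'cli') {           // no cookie header when run from the CLI
        setcookie(CSRF_COOKIE, $token, [
            'path'     => '/',
            'secure'   => true,         // send over HTTPS only
            'httponly' => false,
            'samesite' => 'Strict',     // extra layer, not part of the pattern itself
        ]);
    }
    return $token;
}

// Accept the request only when cookie and form field both carry the same token.
function is_valid_double_submit(array $cookies, array $post): bool
{
    $cookie = $cookies[CSRF_COOKIE] ?? '';
    $field  = $post[CSRF_FIELD] ?? '';
    // Reject missing values and array-typed parameters (e.g. csrf_token[]=x).
    if (!is_string($cookie) || !is_string($field) || $cookie === '' || $field === '') {
        return false;
    }
    return hash_equals($cookie, $field); // constant-time comparison
}

// Constructed demo input, runs from the command line without a web server.
if (PHP_SAPI === 'cli') {
    $token = issue_csrf_token();
    // Legitimate submission: JavaScript copied the cookie value into the form.
    var_dump(is_valid_double_submit([CSRF_COOKIE => $token], [CSRF_FIELD => $token]));
    // Cross-site request: browser attaches the cookie, but the form has no token.
    var_dump(is_valid_double_submit([CSRF_COOKIE => $token], []));
    // Cross-site request with a guessed token in the form field.
    var_dump(is_valid_double_submit([CSRF_COOKIE => $token], [CSRF_FIELD => str_repeat('0', 64)]));
}
```

In a real handler the call would be `is_valid_double_submit($_COOKIE, $_POST)` before any state-changing action is processed.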







Download Example : https://github.com/achalapramuditha/Double_Submit_Cookies-PHP
