Harmster

Use CSRF in your own forms.

27 posts in this topic

On 10/1/2015 at 1:35 PM, Juergen said:

Thanks LostKobrakai,

now I solved it with a session id in an hidden input field that will be compared with the post value of the hidden field after submission. If session value and post value are same then send the form data and remove the session id.

If someone hits the F5 button after submission, the valid session id is no more longer available (because it was removed after submission) and so the values dont match any longer.

As a result a hint for "double submission" appear on the screen instead of submitting the form.

The reason why I missunderstood the CSRF was a post by Soma in another topic where he uses CSRF to prevent double submissions.

https://processwire.com/talk/topic/3633-prevent-form-resubmission/?p=35567

Best regards

Do you mind post the code for preventing "double submission"?

Is it save to show a session id in the form even it is a hidden field ?

Share this post


Link to post
Share on other sites
6 hours ago, adrianmak said:

Do you mind post the code for preventing "double submission"?

Something like this?

 

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.