Harmster

Use CSRF in your own forms.


On 10/1/2015 at 1:35 PM, Juergen said:

Thanks LostKobrakai,

Now I solved it with a session id in a hidden input field that will be compared with the post value of the hidden field after submission. If the session value and post value are the same, then send the form data and remove the session id.

If someone hits the F5 button after submission, the valid session id is no longer available (because it was removed after submission) and so the values don't match any longer.

As a result, a hint for "double submission" appears on the screen instead of submitting the form.

The reason why I misunderstood the CSRF was a post by Soma in another topic where he uses CSRF to prevent double submissions.

https://processwire.com/talk/topic/3633-prevent-form-resubmission/?p=35567

Best regards

Do you mind posting the code for preventing "double submission"?

Is it safe to show a session id in the form even if it is a hidden field?

6 hours ago, adrianmak said:

Do you mind posting the code for preventing "double submission"?

Something like this?

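The double-submission check Juergen describes in this thread, as an added example in plain PHP that is not code from any of the posts or from ProcessWire. The hidden field carries a random one-time token kept in the session rather than the session id itself, and the token is removed once the values match, so a replayed POST finds nothing to compare against. `FORM_KEY`, `issueFormToken()` and `consumeFormToken()` are hypothetical names, and the demo data is constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. FORM_KEY and both function names
// are hypothetical; a plain array stands in for $_SESSION so it runs from the CLI.
const FORM_KEY = 'form_token';

/** Store a fresh random token server-side and return it for the hidden field. */
function issueFormToken(array &$session): string
{
    // CSPRNG output, unrelated to the session id: nothing that identifies
    // the session itself is written into the HTML.
    $token = bin2hex(random_bytes(32));
    $session[FORM_KEY] = $token;
    return $token;
}

/** 'ok' once per issued token, 'duplicate' if none is pending, else 'invalid'. */
function consumeFormToken(array &$session, array $post): string
{
    $expected = $session[FORM_KEY] ?? null;
    $given = $post[FORM_KEY] ?? null;
    if (!is_string($expected)) {
        return 'duplicate'; // token was already removed by an earlier submission
    }
    // hash_equals() compares in constant time; reject arrays and other non-strings.
    if (!is_string($given) || !hash_equals($expected, $given)) {
        return 'invalid';
    }
    unset($session[FORM_KEY]); // values matched: the token is used up
    return 'ok';
}

// Constructed demo data.
$session = [];
$token = issueFormToken($session);
printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", FORM_KEY, htmlspecialchars($token, ENT_QUOTES));

$post = [FORM_KEY => $token, 'message' => 'hello'];
echo consumeFormToken($session, $post), "\n"; // first submission
echo consumeFormToken($session, $post), "\n"; // same POST replayed with F5

$session = [];
issueFormToken($session);
echo consumeFormToken($session, [FORM_KEY => 'forged']), "\n"; // wrong value
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` to the two functions.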