Jump to content

Use CSRF in your own forms.


Harmster

Recommended Posts

On 10/1/2015 at 1:35 PM, Juergen said:

Thanks LostKobrakai,

now I solved it with a session id in an hidden input field that will be compared with the post value of the hidden field after submission. If session value and post value are same then send the form data and remove the session id.

If someone hits the F5 button after submission, the valid session id is no more longer available (because it was removed after submission) and so the values dont match any longer.

As a result a hint for "double submission" appear on the screen instead of submitting the form.

The reason why I missunderstood the CSRF was a post by Soma in another topic where he uses CSRF to prevent double submissions.

https://processwire.com/talk/topic/3633-prevent-form-resubmission/?p=35567

Best regards

Do you mind post the code for preventing "double submission"?

Is it save to show a session id in the form even it is a hidden field ?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...