CSRF Protection using Double Submitted Cookies
Here we will look at the Double Submitted Cookies pattern for CSRF protection. In the Synchronizer Token pattern the server has to generate a token for every session, store it, and look it up on every request, so it needs server-side state and puts extra load on the server. To avoid that we use double submitted cookies, where the server stores nothing. If JavaScript is used to read the token cookie and copy it into a request header, the cookie must be set without the HttpOnly flag, otherwise the script cannot read it. The same token is sent twice: once automatically in the Cookie header, and once in the HTTP body (a hidden form field) or a custom header. The server then compares the two values: if they are identical it allows the request, if not it denies it.
On the client side (index.php) we start the session, which stores the session ID in a cookie. After that we create a token and store it in a new cookie.
After that we set the value of the hidden form field to "<? echo $token ?>" (or "<?php echo $token ?>" if short_open_tag is disabled). This sends the same token in the request body when the client clicks the login button.
After that we create a function on the server side to validate the login. It compares the token from the cookie with the token from the POST body and rejects the request if they differ or if either is missing.
Get the full code from here
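Below is an added example of the whole flow in one PHP file; it is not the original post's code and the cookie/field name "csrf_token" and the form fields are assumptions. A GET renders the login form and issues the token, a POST to the same file validates it. It needs PHP 7.3 or later for random_bytes() and the setcookie() options array.

```php
<?php
// Added example of the double-submit cookie pattern (not the original post's code).
// Assumptions: this file is index.php, the form posts back to it, and the cookie
// and hidden field are both called "csrf_token".

const CSRF_COOKIE = 'csrf_token';
const CSRF_FIELD  = 'csrf_token';

// Mints a random token, sets it as a cookie and returns it so the form can
// embed the same value. Must be called before any output because it sends headers.
function csrf_issue_token(): string
{
    session_start();                          // session ID cookie, as in the post
    $token = bin2hex(random_bytes(32));       // 256 bits from the CSPRNG, never time()/rand()
    setcookie(CSRF_COOKIE, $token, [
        'expires'  => 0,                      // session cookie
        'path'     => '/',
        'secure'   => true,                   // only sent over HTTPS
        'httponly' => false,                  // must stay readable if JS copies it into a header
        'samesite' => 'Strict',               // browser-level CSRF defence on top of the check
    ]);
    return $token;
}

// Server-side check: the cookie copy and the body copy must both be present,
// well formed, and identical. Returns true only when the request may proceed.
function csrf_validate(array $cookies, array $post): bool
{
    $fromCookie = $cookies[CSRF_COOKIE] ?? '';
    $fromBody   = $post[CSRF_FIELD] ?? '';
    if (!is_string($fromCookie) || !is_string($fromBody)) {
        return false;                         // arrays from crafted input are rejected
    }
    if (!preg_match('/^[0-9a-f]{64}$/', $fromCookie) || !preg_match('/^[0-9a-f]{64}$/', $fromBody)) {
        return false;                         // empty or malformed values never match
    }
    return hash_equals($fromCookie, $fromBody);   // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // login step: deny before touching the credentials
    if (!csrf_validate($_COOKIE, $_POST)) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    // ... authenticate $_POST['username'] / $_POST['password'] here ...
    exit('CSRF check passed');
}

// index step: issue the token and render the form with the hidden field
$token = csrf_issue_token();
?>
<form method="post" action="">
  <input type="text" name="username" placeholder="username">
  <input type="password" name="password" placeholder="password">
  <input type="hidden" name="<?= CSRF_FIELD ?>"
         value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Login</button>
</form>
```

A forged cross-site form can include any hidden field it likes, but it cannot read or set the victim's cookie for our origin, so the two copies will not match. The check only proves that the request carries two equal values, so anything that can write cookies for the domain (an attacker-controlled subdomain, or a plain-HTTP page on the same host) can defeat it; that is why the cookie is marked Secure and SameSite, and why a signed variant (an HMAC of a session identifier under a server-side key) is the stronger form of this pattern.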