CSRF Protection using Double Submitted Cookies

Here we will look at Double Submitted Cookies for CSRF protection. In the Synchronizer Token pattern, both the client and the server are involved in generating and handling the token value, so the process is time consuming and puts load on the server. To reduce these issues we use double submitted cookies. We need JavaScript to run double submitted cookies, so the HttpOnly flag on the cookie should be off. Here we send two copies of the cookie value, one through the HTTP header and one through the HTTP body. The server then validates the two values: if they are the same it allows the request, and if not it denies the request.

On the client side (index.php) we create the session and store it in a cookie. After that we create a token and store it in a new cookie.



After that we should set the value of the hidden token field to "<? echo $token ?>". This sends the hidden token to the server side when the client clicks the login button.



After that, create a function on the server side to validate the login.
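The three steps above in one file, as an added example that is not the blog's own code. The cookie and field name `csrf_token` and the function names are assumptions, and the request arrays at the bottom are constructed stand-ins for `$_COOKIE` and `$_POST`.

```php
<?php
// Added example, not the blog's code. csrf_token and all function names are assumptions.

// index.php: create the token and store it in its own cookie.
function issue_csrf_cookie(): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from a CSPRNG
    if (PHP_SAPI !== 'cli') {           // no HTTP response when run from the CLI
        setcookie('csrf_token', $token, [
            'path'     => '/',
            'secure'   => true,         // assumes the site is served over HTTPS
            'httponly' => false,        // script on the page must be able to read it
            'samesite' => 'Strict',
        ]);
    }
    return $token;
}

// Login form: the same value goes into the hidden field sent in the body.
function hidden_field(string $token): string
{
    $value = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $value . '">';
}

// Server side: allow the request only if cookie and body carry the same token.
function validate_double_submit(array $cookies, array $post): bool
{
    $fromCookie = $cookies['csrf_token'] ?? '';
    $fromBody   = $post['csrf_token'] ?? '';
    // Reject arrays (csrf_token[]=x) and empty values: two blanks must not "match".
    if (!is_string($fromCookie) || !is_string($fromBody) || $fromCookie === '' || $fromBody === '') {
        return false;
    }
    return hash_equals($fromCookie, $fromBody); // constant-time comparison
}

// Constructed requests standing in for $_COOKIE and $_POST.
$token = issue_csrf_cookie();
echo hidden_field($token), "\n";
$requests = [
    'form from our page'   => [['csrf_token' => $token], ['csrf_token' => $token]],
    'body token missing'   => [['csrf_token' => $token], []],
    'body token different' => [['csrf_token' => $token], ['csrf_token' => str_repeat('0', 64)]],
    'both empty'           => [['csrf_token' => ''], ['csrf_token' => '']],
];
foreach ($requests as $name => [$cookies, $post]) {
    echo $name, ': ', validate_double_submit($cookies, $post) ? 'allow' : 'deny', "\n";
}
```

Only the first constructed request is allowed. The session cookie itself can keep its HttpOnly flag, since only the token cookie has to be readable by script.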


Get the full code from here
