stackoom
  简体   繁体   中英

Spring CSRF token life

 原文  2014-11-11 13:55:49       java/ spring-security/ csrf-protection

Question

I am implementing CSRF protection using Spring security as per the doc

One question I have is: When this token will get invalidated by the Spring security? Does the token gets invalidated for each request submit?

1 answers

solution1
 7 ACCPTED  2014-11-12 09:11:22

By default the CSRF token is stored in the HTTP session and is generated on a per-session basis. See the official Spring Security documentation for more details. Therefore, the default lifecycle of CSRF tokens is the session duration.

Like everything else in Spring Security, the storage and retrieval of CSRF tokens can be customized to suit individual needs. The way to do that would involve creating an implementation for CsrfTokenRepository . Custom implementations could change the token on a per request basis, store the token in a relational database, and so on.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Renaming Spring csrf token variable Spring Security not creating CSRF token SPRING CSRF throws 405 despite CSRF token in request Spring security csrf disabled, still get an Invalid CSRF token found Spring Security 4 JTwig put CSRF token in forms Spring: Generate new csrf token programmatically How to enable CSRF token with Spring Boot Spring Security CSRF: How to retrieve token in Java Spring Boot does not require CSRF token Different csrf token per request in Spring security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM