
csrf token doesn't match in form re-submission through browser's refresh button

I have a csrf token that I send within a form and also store it in the session so I can verify if they are equal when the form is submitted.

The csrf token is generated on every page load, which means the csrf token in the session is changing as well. However, when I re-submit the form with the browser "refresh" button, it sends the old token, which throws an error.

Is there a way to change the token in the cached browser data?

No. It isn't even cached data, you're asking the browser to repeat the previous request.

You might be able to avoid the problem by using the PGR pattern so that the refresh just loads a display page and doesn't resubmit the form data for processing.

That said, it is generally considered fine to generate the token once per session rather than on every page load. This would also solve problems with people accessing the site in two tabs at once.
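The two suggestions in the answer above (one token per session, and a redirect after the POST so that a refresh repeats a GET), as an added example that is not part of the original answer. The `handle` function, the `/form` and `/done` paths and the dict used as a session are hypothetical stand-ins for a real framework.

```python
import hmac
import secrets

def get_csrf_token(session):
    """Create the token once per session and reuse it on every page load."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def token_is_valid(session, submitted):
    """Constant-time comparison; a missing token on either side is a failure."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

def handle(method, path, session, form=None):
    """Hypothetical request handler returning (status, headers, body)."""
    form = form or {}
    if method == "GET" and path == "/form":
        token = get_csrf_token(session)
        return 200, {}, ('<form method="post" action="/form">'
                         f'<input type="hidden" name="csrf_token" value="{token}">'
                         '<input name="comment"></form>')
    if method == "POST" and path == "/form":
        if not token_is_valid(session, form.get("csrf_token")):
            return 403, {}, "CSRF token mismatch"
        session.setdefault("saved", []).append(form.get("comment", ""))
        # Post/Redirect/Get: 303 makes the browser fetch /done with GET, so the
        # refresh button repeats that GET instead of re-sending the form.
        return 303, {"Location": "/done"}, ""
    if method == "GET" and path == "/done":
        return 200, {}, f"saved {len(session.get('saved', []))} item(s)"
    return 404, {}, "not found"

def demo():
    """Constructed walk-through: two tabs, one submit, then two refreshes."""
    session = {}
    handle("GET", "/form", session)            # tab 1 renders the form
    token = session["csrf_token"]
    handle("GET", "/form", session)            # tab 2 does not rotate the token
    status, headers, _ = handle("POST", "/form", session,
                                {"csrf_token": token, "comment": "hi"})
    first = handle("GET", headers["Location"], session)[2]
    refreshed = handle("GET", headers["Location"], session)[2]
    return status, first, refreshed

if __name__ == "__main__":
    print(demo())
```
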
