Is there a better way other than the Anti Forgery Token
like built-in functionalities in asp.net mvc2. I would like to code my own http module to avoid CSRF.
Also to my understanding the Antiforgerytoken does not generate any cookies. Is the "double-submitted cookie"
a good method?
Any best practices or suggestions.
--edit : This link is useful: Stackoverflow previous question
This library looks similar to what you are writing. http://anticsrf.codeplex.com/ It uses a cookie for a token. I've used it and it helped my project pass a security review.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.