
CSRF vulnerability issue

 
Suleman Kandagal
Greenhorn
Posts: 13
Hi,
I have implemented code to avoid CSRF attacks; even then I am getting a message saying 'missing one time token parameter'. Below is my sample code.


Please help me, I need to resolve this issue ASAP.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 35709
Where in the code does the missing token error message come from? I suspect you do not have a valid session when the login page is rendered. You can verify this by looking at the source code for the login page in the browser. If it is blank, you know this is why.

Most people don't do CSRF checking for the login page. What happens if the user logs in? He has a valid session. But the hacker can't do anything until another update request is made. And THAT request is what you add CSRF prevention to.
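The situation described in the reply above, as an added example that is not part of either post (the original poster's code is not shown on this page): a session-bound token rendered into a hidden field comes out blank when no session exists at render time, and the check then reports a missing token. The names `csrf_token`, `/login`, `/account/update` and all function names are assumptions made for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
EXEMPT_PATHS = {"/login"}    # assumption: login is left unchecked, as the reply suggests
TOKEN_FIELD = "csrf_token"   # hypothetical parameter name

def render_form(session, action):
    """Render a form; without a session there is no token, so the field is blank."""
    token = ""
    if session is not None:
        token = session.setdefault("csrf", secrets.token_urlsafe(32))
    return (f'<form method="post" action="{action}">'
            f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}"></form>')

def hidden_value(html):
    """Extract the hidden field's value, i.e. what "view source" would show."""
    return html.split('value="')[1].split('"')[0]

def check_request(session, method, path, params):
    """Return (allowed, reason) for one request."""
    if method in SAFE_METHODS or path in EXEMPT_PATHS:
        return True, "not checked"
    sent = params.get(TOKEN_FIELD, "")
    if not sent:
        return False, "missing token parameter"
    expected = (session or {}).get("csrf", "")
    if not expected or not hmac.compare_digest(sent.encode(), expected.encode()):
        return False, "token mismatch"
    return True, "ok"

if __name__ == "__main__":
    # Constructed scenarios: form rendered without and with a session.
    blank = hidden_value(render_form(None, "/account/update"))
    print(repr(blank), check_request(None, "POST", "/account/update", {TOKEN_FIELD: blank}))
    session = {}
    token = hidden_value(render_form(session, "/account/update"))
    print(check_request(session, "POST", "/account/update", {TOKEN_FIELD: token}))
    print(check_request(session, "POST", "/account/update", {}))  # forged, no token
```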
 