CSRF vulnerability issue

 
Greenhorn
Posts: 13
Hi,
I have implemented code to avoid CSRF attacks, but even then I am getting a message saying 'missing one time token parameter'. Below is my sample code.


Please help me, I need to resolve this issue ASAP.
 
author & internet detective
Posts: 39890
Where in the code does the missing token error message come from? I suspect you do not have a valid session when the login page is rendered. You can verify this by looking at the source code for the login page in the browser. If it is blank, you know this is why.

Most people don't do CSRF checking for the login page. What happens if the user logs in? He has a valid session. But the hacker can't do anything until another update request is made. And THAT request is what you add CSRF prevention to.
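
The failure mode described in the answer above, as an added example that is not part of the thread and not the original poster's code: a `Map` stands in for the servlet session, and the class, method and attribute names are hypothetical. It shows a form rendered without a session producing a blank hidden field and the resulting rejection, then a session-bound one-time token passing once on an update request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration: a Map stands in for HttpSession; all names are hypothetical.
public class CsrfTokenDemo {
    static final String ATTR = "csrfToken";
    static final SecureRandom RNG = new SecureRandom();

    // Called while rendering a form. With no session there is nothing to bind the
    // token to, so the hidden field comes out blank (the case the answer describes).
    static String hiddenField(Map<String, String> session) {
        String token = "";
        if (session != null) {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(ATTR, token);
        }
        return "<input type=\"hidden\" name=\"" + ATTR + "\" value=\"" + token + "\">";
    }

    // Called on a state-changing POST. The token is single use: removed on first check.
    static String check(Map<String, String> session, String submitted) {
        if (submitted == null || submitted.isEmpty()) return "missing one time token parameter";
        String expected = (session == null) ? null : session.remove(ATTR);
        if (expected == null) return "no token issued for this session";
        // Constant-time comparison so the check does not leak how many bytes matched.
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                           submitted.getBytes(StandardCharsets.UTF_8));
        return ok ? "ok" : "token mismatch";
    }

    public static void main(String[] args) {
        // Login page rendered before any session exists: blank value, POST is rejected.
        System.out.println(hiddenField(null));
        System.out.println(check(null, ""));

        // After login a session exists: the update form carries a token.
        Map<String, String> session = new HashMap<>();
        hiddenField(session);
        String token = session.get(ATTR);
        System.out.println(check(session, token)); // first submission
        System.out.println(check(session, token)); // replay of the same token
    }
}
```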
 