Philip Herbert’s profile

I am Philip Belgrave-Herbert, UWI undergraduate & Web Developer.

Latest Comments

1

I have implemented the token on a page and it works.

My problem occurs with the multi-page aspect. Can I use the same session token on different pages/forms?

What is happening is that I go to page1 (with form1), set a session token, don't submit anything, click a link and go to page2 (with form2). The session token already exists, so I don't set the token var in the form, so the session token will never be the same as the token var in the form if I came from a page where I set the token.

I have this at the top of all .php pages in question:

    if (!isset($_SESSION['token']))
    {
        $token = md5(uniqid(rand(), TRUE));
        $_SESSION['token'] = $token;
    }

How should I go about using the same session token on different pages with different forms?

Posted in Cross-Site Request Forgeries.

Mon, 29 Aug 2011 at 16:31:57 GMT
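
One way to share a single session token across several pages and forms, as an added example that is not part of the original comment or the site's code: the form value is always read back from `$_SESSION['token']`, so `$token` is populated even when another page created the session token. The helper names `csrf_token()` and `csrf_check()` are hypothetical, and `random_bytes()` is swapped in for the comment's `md5(uniqid(rand(), TRUE))` as an assumption that PHP 7 or later is available.

```php
<?php
// Added example; csrf_token() and csrf_check() are hypothetical helper names.
// Include this at the top of every page that renders or handles a form.
session_start();

// Return the session's token, creating it only if it does not exist yet.
// Every page calls this, so $token is set no matter which page ran first.
function csrf_token(): string
{
    if (empty($_SESSION['token'])) {
        // Assumption: PHP 7+, so a CSPRNG is used for the token value.
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

// Compare the submitted field with the session token in constant time.
function csrf_check(): bool
{
    $sent  = $_POST['token'] ?? '';
    $known = $_SESSION['token'] ?? '';
    return is_string($sent) && $known !== '' && hash_equals($known, $sent);
}

// Reject any POST whose token is missing or does not match the session.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_check()) {
    http_response_code(403);
    exit('Invalid CSRF token');
}

// Same value on page1, page2, and any other form in this session.
$token = csrf_token();
?>
<form method="post" action="">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <input type="submit" value="Send">
</form>
```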


About

  • Twitter: @positivelymade
  • Location: Barbados
  • Joined: August 2011
  • Comments: 1