Web security - CSRF (token)
2022-07-03 04:31:00 【the zl】
CSRF and Token
Token: a token, like a Session or a Cookie, is an identity credential. A token is usually carried in the URL or in a Cookie.
What a token does:
1. Prevent forms from being submitted repeatedly
After the server receives the token, if it matches the value in the Session, the token in the client's session is updated.
2. Prevent CSRF (cross-site request forgery)
For example:
An attacker constructs a CSRF request; because of the token, the attack fails.
How the token is generated:
When the client requests a page from the server, the server generates a random token and stores it in the Session. It also sends the token to the client (generally by constructing a hidden form field). The next time the client submits a request, the token is submitted to the server along with the form.
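The flow described above (generate, store in the Session, send in a hidden field, compare on submit, then update), as an added example that is not code from the original post. The session is modeled as a plain dict, and the names `FIELD`, `issue_token`, `render_form` and `handle_submit` are hypothetical.

```python
import hmac
import html
import secrets

FIELD = "csrf_token"  # hypothetical session key and form field name


def issue_token(session: dict) -> str:
    """Generate a random token and store it in the server-side session."""
    token = secrets.token_urlsafe(32)
    session[FIELD] = token
    return token


def render_form(session: dict, action: str = "/transfer") -> str:
    """Send the token to the client inside a hidden form field."""
    token = issue_token(session)
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">'
        f'<input type="hidden" name="{FIELD}" '
        f'value="{html.escape(token, quote=True)}">'
        '<input name="amount"><button>Send</button></form>'
    )


def handle_submit(session: dict, form: dict) -> bool:
    """Accept the request only if the submitted token matches the session.

    The stored token is replaced after a match, so resubmitting the same
    form (a duplicate submission) is rejected until a new page is requested.
    """
    expected = session.get(FIELD)
    submitted = form.get(FIELD)
    if not expected or not isinstance(submitted, str):
        return False  # no token issued, or none submitted (cross-site post)
    # Constant-time comparison avoids leaking how much of the token matched.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False  # token does not match the value in the session
    session[FIELD] = secrets.token_urlsafe(32)  # update the token after a match
    return True
```

A request built on another site carries the victim's session cookie but not the hidden field value, so it takes the first `return False` branch.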