Web security - CSRF (token)
2022-07-03 04:31:00 【the zl】
CSRF and Token
Token: like a Session or a Cookie, a token is an identity credential. A token is usually carried in the URL or in a Cookie.
What a token does:
1. Prevents forms from being submitted repeatedly
After the server receives the token, if it matches the value in the Session, the token in the client's session is updated.
2. Prevents CSRF (cross-site request forgery)
Example:
A CSRF request is constructed, but because of the token, the attack fails.

How the token is generated:
When the client requests a page from the server, the server generates a random token and stores it in the Session. It also sends the token to the client (usually in a hidden form field). The next time the client submits a request, the token is submitted to the server along with the form.
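
The flow described above, written out in Python as an added example (not code from the original post). The in-memory `SESSIONS` store, the `/transfer` form and all function names are assumptions made for illustration.

```python
import hmac
import html
import secrets

SESSIONS = {}  # constructed in-memory session store: session id -> session data


def new_session():
    """Create a session and return its id (normally carried in a cookie)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {}
    return sid


def render_form(sid):
    """Generate a random token, keep it in the session, embed it as a hidden field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf_token"] = token
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{html.escape(token)}">'
            '<input name="amount"><button>Send</button></form>')


def handle_post(sid, form):
    """Accept the POST only if the submitted token matches the session's token."""
    expected = SESSIONS.get(sid, {}).get("csrf_token")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison; a missing, stale or forged token is rejected.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    # Match: replace the token so the same form cannot be submitted twice.
    SESSIONS[sid]["csrf_token"] = secrets.token_urlsafe(32)
    return 200


def token_from(page):
    """Read the hidden field's value from the rendered form (what a browser submits)."""
    return page.split('name="csrf_token" value="')[1].split('"')[0]
```

A cross-site request carries the victim's session cookie but cannot read the hidden field, so it reaches `handle_post` without the token and gets 403. A second submission of the same form is rejected for the same reason, because the token was replaced after the first one.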