Cross-Site Request Forgery

Hi,
I have a site which uses [ValidateAntiForgeryToken] and @Html.AntiForgeryToken() to create the AntiForgeryToken and it works. The issue I have, though, is that if a potential hacker is able to access the session on the user's computer, they can still use the valid token and make queries.
How do I prevent this?

If there isn’t a valid token then the form isn’t submitted and I get the error saying no valid token is assigned.

If you need more information, please let me know.
