CSRF Protection

Hello,
Is it enough just to use secure random token stored in session to protect from CSRF attack?

How I made it:

  1. Generate secure long random token
  2. Store it in session
  3. Put it inside hidden html form field
  4. Check the token from the session and the form field on form submission; if they match, proceed with the form validation process

Is this enough?

Best regards,
Mark.
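The four steps listed above, as an added Python example (not code from the original post or from Laravel); a plain dict stands in for the server-side session store, and the session key and hidden-field name are chosen here:

```python
import hmac
import secrets
from html import escape

SESSION_KEY = "csrf_token"  # session key name chosen for this example
FIELD_NAME = "_csrf"        # hidden form field name chosen for this example


def get_or_create_token(session: dict) -> str:
    """Steps 1 and 2: generate a long secure random token once per session."""
    token = session.get(SESSION_KEY)
    if not token:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        session[SESSION_KEY] = token
    return token


def hidden_field(session: dict) -> str:
    """Step 3: render the token as a hidden form field (value HTML-escaped)."""
    value = escape(get_or_create_token(session))
    return f'<input type="hidden" name="{FIELD_NAME}" value="{value}">'


def csrf_ok(session: dict, form: dict) -> bool:
    """Step 4: compare the submitted field with the copy held in the session.

    A missing token on either side is a failure, and the comparison is
    constant-time so the check does not leak the token through timing.
    """
    expected = session.get(SESSION_KEY)
    submitted = form.get(FIELD_NAME)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    # Constructed session and form submissions to exercise the check.
    session = {}
    print(hidden_field(session))
    good = {FIELD_NAME: session[SESSION_KEY]}
    forged = {FIELD_NAME: "attacker-guess"}
    print("valid submission accepted:", csrf_ok(session, good))
    print("forged submission rejected:", not csrf_ok(session, forged))
    print("missing field rejected:", not csrf_ok(session, {}))
```

The token is created once per session and reused across forms, which is what the steps describe; rotating it per request is a stricter variant that the steps do not require.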

That seems to be how Laravel does it. You might want to check out their documentation to see if it will shed some light on this technique.


There is a podcast about it here if that helps.

I just checked the Laravel documentation; it is the same, and Laravel adds the token in a csrf-token meta tag.
Thank you @WebMachine for response.

Best regards.
