Comments on: Protection against CSRF part 2 http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/ A tool for designers dealing with programmers dealing with designers... Thu, 20 Nov 2008 23:24:09 +0000 http://wordpress.org/?v=2.6.2 By: Gareth Heyes http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-461 Gareth Heyes Wed, 29 Aug 2007 09:25:42 +0000 http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-461 Hi Alexander Yeah the server generates a PHP token based on the same code the client generates using javascript. The source code is available for the Javascript/PHP generation if you want to look how it works http://www.thespanner.co.uk/2007/08/15/random-javascript-and-php-generation/ Hi Alexander

Yeah the server generates a PHP token based on the same code the client generates using javascript. The source code is available for the Javascript/PHP generation if you want to look how it works

http://www.thespanner.co.uk/2007/08/15/random-javascript-and-php-generation/

]]> By: Alexander Waldmann http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-458 Alexander Waldmann Wed, 29 Aug 2007 09:13:16 +0000 http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-458 Works fine in firefox 2.0.0.6. Looking good overall. I guess the javascript token is created inside the server and stored in the user session? Works fine in firefox 2.0.0.6. Looking good overall.

I guess the javascript token is created inside the server and stored in the user session?

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-430 Gareth Heyes Thu, 23 Aug 2007 11:08:13 +0000 http://www.thespanner.co.uk/2007/08/21/protection-against-csrf-part-2/#comment-430 Source code to be released soon, any volunteers to test and improve it before release? Source code to be released soon, any volunteers to test and improve it before release?

]]>