Published 18 years 7 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read
I had a great idea to protect against CSRF, use my random Javascript creation technique! I already knew it was possible to use it in this way but I wanted a nice solution that anyone could incorporate into their site.
PHP first creates a random session key using random code blocks, then Javascript does the same. The code then appends the session key onto every URL and inserts a hidden field in every form. Then when clicking a link or submitting a form the session key is compared by the server to session key provided and then allows or denies the request.
So here it is my Javascript Cross Site Request Forgery Protection Kit or JSCK for short :) :- JSCK demo
I will be releasing this code as open source once I've cleaned it up a bit so everyone can use it because I think it's a cool idea.