https://www.question2answer.org/qa/tag/token Powered by Question2Answer https://www.question2answer.org/qa/46744/csrf-solution-about-qa-caching-plugin-is-safety <p>To PHP&nbsp;developers:</p> <p>I am developing&nbsp;<a rel="nofollow" href="http://www.question2answer.org/qa/46578">caching&nbsp;plugin</a>&nbsp;for Q2A. I have one <a rel="nofollow" href="http://www.question2answer.org/qa/46627">big problem</a> about CSRF protection. I changed&nbsp;protection code on all forms on all pages&nbsp;from one time token to same&nbsp;session-ID (PHPSESSID)&nbsp;with Javascript.</p> <p>My questions:</p> <ol> <li>Do you think this measure is effective against CSRF attack?</li> <li>Do you know any other effective way?</li></ol> <p>Thank you for your cooperation.</p> Plugins https://www.question2answer.org/qa/46744/csrf-solution-about-qa-caching-plugin-is-safety Wed, 22 Jul 2015 02:27:54 +0000