PerlMonks  

Re: Dancer2 per-window sessions? (just another variable, url rewriting, form nonce token , xsrf csrf)

by Anonymous Monk
on Jul 02, 2019 at 07:47 UTC ( [id://11102291]=note )


in reply to Dancer2 per-window sessions?

It's like a session id within a session id :)

a nonce appended to links/forms to prevent replay attacks and session riding... CSRF ... https://www.owasp.org/index.php/Session_Management#Page_and_Form_Tokens , Cryptographic nonce, Plack::Middleware::CSRFBlock, Dancer2::Plugin::CSRF, Mojolicious::Plugin::DeCSRF, ...

/foo/newnew .... issues a new nonce for the stack

All the links are nonced  /foo/nonce/view/id or some such
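
The URL scheme described in the reply above, sketched as a small Dancer2 app. This is an added example, not code from the original post or from any of the modules it lists. The `windows` session key, the `window_state` helper, the `viewed` field, the `Simple` session engine and the use of Crypt::URandom are assumptions made for illustration.

```perl
use strict;
use warnings;
use Dancer2;
use Crypt::URandom qw(urandom);

set session => 'Simple';    # in-memory session store, enough for a demo

# Look up one window's state inside the caller's own session.
# A nonce this session never issued (guessed, stale, or copied from
# another user) has no slot and is rejected.
sub window_state {
    my ($nonce) = @_;
    my $windows = session('windows') || {};
    send_error( 'Unknown window token', 403 )
        unless $nonce =~ /\A[0-9a-f]{32}\z/ && exists $windows->{$nonce};
    return ( $windows, $windows->{$nonce} );
}

# /foo/newnew issues a new nonce, i.e. opens a new per-window stack.
get '/foo/newnew' => sub {
    my $nonce   = unpack 'H*', urandom(16);    # 128 bits from the OS CSPRNG
    my $windows = session('windows') || {};
    $windows->{$nonce} = { viewed => [] };
    session windows => $windows;
    redirect "/foo/$nonce/view/1";
};

# Every other link carries the nonce: /foo/<nonce>/view/<id>
get '/foo/:nonce/view/:id' => sub {
    my $nonce = route_parameters->get('nonce');
    my $id    = route_parameters->get('id');
    send_error( 'Bad id', 400 ) unless $id =~ /\A\d{1,9}\z/;

    my ( $windows, $state ) = window_state($nonce);
    push @{ $state->{viewed} }, $id;
    session windows => $windows;    # write back for serialising stores

    my $next = $id + 1;
    return join '',
        "<p>This window has viewed: @{ $state->{viewed} }</p>",
        qq{<a href="/foo/$nonce/view/$next">next in this window</a> },
        qq{<a href="/foo/newnew" target="_blank">open a separate window</a>};
};

start;
```

The nonce is only honoured inside the session that issued it, so a copy that leaks through a Referer header or an access log does nothing without that session's cookie.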
