jwt-csrf

Keep uid unique across single request

Open bluepnume opened this issue 8 years ago • 0 comments

Problem:

a) User calls to generate header token with UID X
b) Header token gets dropped on request end with UID Y
c) Cookie gets dropped with UID Y

The UID doesn't match between a) and c) so CSRF breaks. Need to persist the UID in req to make sure this doesn't happen.

bluepnume, Dec 06 '16 22:12
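The mismatch described in this issue, and the effect of keeping the UID on `req`, shown as an added example that is not jwt-csrf's own code. All names here (`signToken`, `readToken`, `freshUid`, `requestUid`, `issueTokens`, `verify`, `req.csrfUid`) and the HMAC-signed token format are assumptions made for the illustration.

```javascript
// Added illustration; hypothetical names, not the jwt-csrf API.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed value for the demo

const mac = (body) => crypto.createHmac('sha256', SECRET).update(body).digest('hex');

// Sign a small payload so the client cannot change the UID it carries.
function signToken(payload) {
  const body = Buffer.from(JSON.stringify(payload)).toString('hex');
  return `${body}.${mac(body)}`;
}

// Return the payload if the signature is valid, otherwise null.
function readToken(token) {
  const [body, sig] = String(token).split('.');
  const a = Buffer.from(sig || ''), b = Buffer.from(mac(body));
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return JSON.parse(Buffer.from(body, 'hex').toString());
}

// Behaviour from the issue: every caller gets a brand-new UID.
const freshUid = () => crypto.randomBytes(16).toString('hex');

// Proposed behaviour: the first caller creates the UID, later callers reuse it.
function requestUid(req) {
  if (!req.csrfUid) req.csrfUid = crypto.randomBytes(16).toString('hex');
  return req.csrfUid;
}

// One request: a) app code asks for a header token, then at request end
// b) the header token and c) the cookie are dropped with the end-of-request UID.
function issueTokens(req, uidFor) {
  const early = signToken({ type: 'header', uid: uidFor(req) }); // a)
  const endUid = uidFor(req);
  const header = signToken({ type: 'header', uid: endUid });     // b)
  const cookie = signToken({ type: 'cookie', uid: endUid });     // c)
  return { early, header, cookie };
}

// The CSRF check: both tokens must verify and carry the same UID.
function verify(headerToken, cookieToken) {
  const h = readToken(headerToken), c = readToken(cookieToken);
  return Boolean(h && c && h.type === 'header' && c.type === 'cookie' && h.uid === c.uid);
}
```

With `freshUid` the token from step a) fails against the cookie from step c); with `requestUid` every token issued during the request validates against that cookie.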