If the user has an active authenticated session on the trusted website, the request is processed as a legitimate request sent by the user.

As you can see, having the website affected by a CSRF vulnerability is not enough to make the attack successful. The user must also have an active session on the website. In fact, the CSRF vulnerability relies on authenticated session management. Typically, session management in a web application is based on cookies. With each request to the server, the browser sends the related cookie that identifies the current user's session. This usually happens even if the request originates from a different website.
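The cookie behaviour described above, as an added example that is not part of the original page: a handler that trusts the session cookie alone, beside one that also requires a per-session token, which goes beyond the text as one common countermeasure. The handler names, the `session` cookie, the `csrf_token` field and the three requests are all constructed for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # session id -> {"user": ..., "csrf": ...} (in-memory, demo only)
def login(user):
    """Create a session and return (session_id, csrf_token)."""
    sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def session_from(cookie_header):
    """Look up the session named by the Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("session")
    return SESSIONS.get(morsel.value) if morsel else None

def handle_cookie_only(request):
    """Behaviour the text describes: the session cookie alone authorises the action."""
    sess = session_from(request["headers"].get("Cookie"))
    return "processed" if sess else "rejected: no session"

def handle_with_token(request):
    """Hardened (assumed design): also require a token the browser never attaches by itself."""
    sess = session_from(request["headers"].get("Cookie"))
    if sess is None:
        return "rejected: no session"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf"].encode()):
        return "rejected: bad csrf token"
    return "processed"

def demo():
    """Run three constructed requests through both handlers."""
    sid, token = login("alice")
    cookie = {"Cookie": f"session={sid}"}
    requests = {
        # Form served by the site itself: cookie plus the embedded token.
        "same_site": {"headers": cookie, "form": {"email": "a@example.test", "csrf_token": token}},
        # Request initiated from another site: the browser still attaches the cookie.
        "cross_site": {"headers": cookie, "form": {"email": "x@example.test"}},
        # The same request when the user has no active session.
        "no_session": {"headers": {}, "form": {"email": "x@example.test"}},
    }
    return {name: (handle_cookie_only(r), handle_with_token(r)) for name, r in requests.items()}

if __name__ == "__main__":
    print(demo())
```

Each result pair is (cookie-only handler, token-checking handler); only the cross-site request with an active session is treated differently by the two.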