csrf #10

Open
dvv opened this Issue Apr 4, 2011 · 0 comments

Comments

Projects
None yet
1 participant

dvv commented Apr 4, 2011

Hi!

Am I right that since the secure session cookie gets updated on every request and is definitely a nonce, it can be used also as CSRF token for free?

TIA,
--Vladimir

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment