To register, the server takes the user's password and stores it only after hashing it.
Hashing is a one-way function: it turns the password into a fixed-size string that cannot be reversed, so a stolen database exposes hashes rather than passwords. An attacker who steals the hashes can still guess passwords offline and compare the results, so each password is hashed with a unique random salt using a deliberately slow password-hashing function (such as scrypt, bcrypt or Argon2) rather than a plain fast hash like MD5 or SHA-256, and the comparison at login is done in constant time.
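As an added example (not code from the original project), here is the register and login pair in Python using the standard library's scrypt, a salted, memory-hard hash. The cost parameters, the `scrypt$salt$hash` record format and the in-memory `users` table are my own assumptions, not the page's.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed; tune for your hardware). Memory use is
# roughly 128 * n * r bytes, so 2**14 * 8 * 128 = 16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_BYTES = 16
KEY_BYTES = 32

# Constructed in-memory user table standing in for the database.
users = {}


def hash_password(password: str) -> str:
    """Hash with a fresh random salt; return 'scrypt$<salt hex>$<hash hex>'."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algo != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    return hmac.compare_digest(candidate, expected)


def register(username: str, password: str) -> bool:
    """Store only the hash; refuse duplicate usernames."""
    if username in users:
        return False
    users[username] = hash_password(password)
    return True


def login(username: str, password: str) -> bool:
    """Return True only if the user exists and the password verifies."""
    stored = users.get(username)
    return stored is not None and verify_password(password, stored)


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print(users["alice"])                                  # the hash, never the password
    print(login("alice", "correct horse battery staple"))  # True
    print(login("alice", "wrong"))                         # False
```

Two hashes of the same password differ because each call draws a new salt, which is what stops an attacker from cracking every user's password with one precomputed table.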
We use session tokens and CSRF tokens here: the session token identifies the logged-in user, and the CSRF token protects the actions they take while logged in.
Cross-Site Request Forgery (CSRF) is a vulnerability that lets an attacker trick a logged-in user's browser into performing unintended actions on a website.
- Attacker creates a malicious website or email containing a hidden form that targets the vulnerable site.
- Victim clicks the link, or the form is submitted automatically when the page loads.
- The victim's browser sends the request to the targeted website and automatically attaches the victim's session cookie.
- The website processes the request, assuming it is legitimate because it arrives with a valid session.
A CSRF token is a unique, random value generated by the website, tied to the user's session, and embedded in each form so it is sent back with every state-changing request. An attacker's page cannot read it, so a forged request cannot include the correct value.
- Website generates a CSRF token and stores it in the user's session.
- Website includes the CSRF token (for example as a hidden form field) in every form or state-changing request.
- Client sends the request with the CSRF token.
- Website compares the submitted token with the one stored in the session:
  - If it matches, processes the request.
  - If it is missing or does not match, rejects the request.
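The token flow above, and the forged request it defeats, as an added Python example that is not the project's own code. The `/transfer` form, the in-memory `sessions` store and the dict-shaped `request` are constructed stand-ins for a real framework's session backend and request object.

```python
import hmac
import re
import secrets

# Constructed in-memory session store standing in for the server's session backend.
sessions = {}


def create_session(user: str) -> str:
    """Log a user in: mint a session id and store a fresh CSRF token alongside it."""
    sid = secrets.token_urlsafe(32)
    sessions[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """Server embeds the session's CSRF token as a hidden field in the form."""
    token = sessions[sid]["csrf_token"]
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')


def extract_csrf_token(html: str) -> str:
    """What the legitimate page does on submit: read the hidden field it was served."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else ""


def handle_transfer(request: dict) -> tuple:
    """Server-side check: the cookie names the session, the form must carry its token."""
    sid = request.get("cookies", {}).get("session")
    session = sessions.get(sid)
    if session is None:
        return 401, "not logged in"
    submitted = request.get("form", {}).get("csrf_token", "")
    # Constant-time compare; a missing or guessed token compares unequal.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    form = request["form"]
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = create_session("alice")
    cookies = {"session": sid}  # the browser attaches this to every request to the site

    # Legitimate flow: the real page carries the token the server put in the form.
    token = extract_csrf_token(render_transfer_form(sid))
    print(handle_transfer({"cookies": cookies,
                           "form": {"csrf_token": token, "to": "bob", "amount": "10"}}))

    # Forged flow: the attacker's hidden form auto-submits from another origin. The
    # browser still attaches the cookie, but the attacker cannot read the token.
    print(handle_transfer({"cookies": cookies,
                           "form": {"to": "mallory", "amount": "1000"}}))
```

The token is bound to the session, so a token captured from one user's page is also rejected for another user's session. Marking the session cookie `HttpOnly`, `Secure` and `SameSite=Lax` adds defence in depth, but the server-side token check stays the primary control.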
