is there any reason for me to place the session ID within a form, as a hidden form field?
Thank you everyone!! :)
This is a part of one of the possible methods for preventing against cross-site request forgery attacks.
It can be used in the Synchronizer Token Pattern.
It can also be used in the "Double-Submit Cookies" method mentioned at the bottom of the page linked to above.
The only reason would be to maintain session state for all users including the ones that have disabled cookies.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With