What is a security token and why is it used in forms?

Tags:

security

php

I have seen in many forums and other sites that they use a security token (a long string) in their POST or GET method. For example (POST Method):

<input
    type="hidden"
    name="securitytoken"
    value="1363774829-89afb5d0fbcd2f8d55db0b675061d62bd21ca94e"
/>

GET method example:

http://www.example.com?attribute=xyz&token=f0ec0e8e1622a030cbc543d3ac42729e

What is this security token? And why is it used? What type of security does it provide? Where should it be used?

Sitara Shaheen asked Oct 31 '25 16:10


1 Answer

It is probably a token to prevent "CSRF" (Cross Site Request Forgery).

For example,

  • you are logged in to the forum
  • you go to evilhacker.com
  • evilhacker has an auto-submitting form that sends spam to the forum
  • because you are logged in, you post (in your name) the spam.

But because the forum needs some token that is tied to your session (so evilhacker cannot guess it for his own form), the post is rejected and you did not post spam.

If you want to see some details, read this paper

Nanne answered Nov 03 '25 08:11
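The session-tied token the answer describes, as an added example in PHP (the tag on the question); it is not code from the original post or from any particular forum software. The function names (csrf_token, csrf_verify, csrf_field), the session key 'csrf_token', the token length and the in-memory arrays standing in for $_SESSION are all my own choices for illustration.

```php
<?php
// Added example, not from the original answer: a minimal CSRF token that is
// generated server-side, stored in the user's session, echoed into every
// state-changing form, and checked on submission. Names are hypothetical.

declare(strict_types=1);

// Return the session's token, creating it on first use. It lives only in the
// server-side session, so a page on evilhacker.com (another origin) has no
// way to read it and put it into its own auto-submitting form.
function csrf_token(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded so it is safe in an attribute.
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Compare the submitted token with the session's token. hash_equals() runs in
// constant time, so response timing does not leak the token byte by byte.
function csrf_verify(array $session, ?string $submitted): bool
{
    if (!isset($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// The hidden field to embed in each form, mirroring the one in the question.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="securitytoken" value="' . $token . '" />';
}

// --- Demo with constructed in-memory sessions in place of $_SESSION ---
$victimSession   = [];   // the logged-in forum user
$attackerSession = [];   // evilhacker, who has their own separate session

// 1. The forum renders its posting form with the victim's token.
echo csrf_field($victimSession), PHP_EOL;

// 2. The victim submits that form: token matches the session -> accepted.
var_dump(csrf_verify($victimSession, $victimSession['csrf_token']));   // true

// 3. evilhacker.com auto-submits a form in the victim's browser. The session
//    cookie rides along, but the attacker cannot supply the victim's token;
//    their own token, no token, or a guessed token are all rejected.
var_dump(csrf_verify($victimSession, csrf_token($attackerSession)));   // false
var_dump(csrf_verify($victimSession, null));                           // false
var_dump(csrf_verify($victimSession, str_repeat('0', 64)));            // false

// Sketch of the real request handler (commented out so the demo runs alone):
// session_start();
// if ($_SERVER['REQUEST_METHOD'] === 'POST'
//     && !csrf_verify($_SESSION, $_POST['securitytoken'] ?? null)) {
//     http_response_code(403);
//     exit('invalid CSRF token');
// }
```

Two practical points the example is built around: the token must come from a CSPRNG (random_bytes, not rand() or a timestamp), and it belongs in a hidden POST field rather than in the URL query string shown in the question's GET example, because a token in a URL ends up in browser history, proxy logs and Referer headers sent to other sites.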