waynew Posted October 17, 2009

In order to prevent CSRF on certain links, I have in place something like this:

<a href="logout.php?sid=<?php echo session_id(); ?>">Logout</a>

Then I check to see whether or not the session_id matches the sid in the URL. Is this method pretty safe? I know that SIDs are pretty near impossible to guess.

Daniel0 Posted October 17, 2009

That should be adequate protection. Any kind of random token will suffice.

waynew Posted October 17, 2009 Author Share Posted October 17, 2009 That should be adequate protection. Any kind of random token will suffice. Thanks. It's just that any examples of protection against CSFR were based around post values. Link to comment https://forums.phpfreaks.com/topic/178023-solved-opinion-on-security-feature/#findComment-938702 Share on other sites More sharing options...