UnknownPlayer (posted September 18, 2011):
Hi, I need to know what tokens are used for, for security or? And can someone give me a little example? Thanks.

trq (posted September 18, 2011):
We are going to need more details/examples.

UnknownPlayer (posted September 18, 2011):
I don't know anything about tokens, I just know that they are used for security. I need an example with a form, can you give me one? And session token and hidden field token, and how to get the token code.

xyph (posted September 18, 2011):
Tokens must be impossible to predict and there must never be duplicates. If you're new to programming, I suggest using PHP's built-in session handler. It will generate tokens for you and manage the server<->user relationship: http://php.net/manual/en/session.examples.basic.php

UnknownPlayer (posted September 18, 2011):
I know about sessions, but how can I generate the token code? This is how a token should work: if ($_POST['token'] == $_SESSION['token']) to continue? That is something like security for form POST and GET actions?

xyph (posted September 18, 2011):
Security? I'm not sure what you mean.

UnknownPlayer (posted September 18, 2011):
I thought that a token can protect against submitting a form from another server to my file, with the same form, the same action file and the POST method?

xyph (posted September 19, 2011):
No, a token will not prevent an external form submitting to your site. All an attacker would need to do is request your form page, grab the token, insert it into his rogue form and submit as normal. It forces an attacker to take an extra step, but the code required to beat it would take 5 minutes to write. As I said in a previous post (I believe it was by you) there is NO WAY to prevent an external site from submitting a form to your page. You can practically stop automated form submissions by using reCAPTCHA.

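The session token and hidden field token asked about in the thread, as an added example that is not part of any post: a token generated once per session, embedded in the form, and compared on submission. The field name "token" follows the thread; the function names, form markup and responses are assumptions, and random_bytes() requires PHP 7 or later.

```php
<?php
// Added example, not code from the thread. The field name "token" follows the
// thread; function names, markup and responses are assumed for illustration.
declare(strict_types=1);
session_start();

/** Return this session's form token, creating it on first use. */
function form_token(): string
{
    if (empty($_SESSION['token'])) {
        // 32 bytes from the OS CSPRNG: unpredictable, collisions negligible.
        $_SESSION['token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['token'];
}

/** True only if the submitted value matches the token stored in the session. */
function token_is_valid($submitted): bool
{
    $expected = $_SESSION['token'] ?? '';
    // Reject missing or array input; hash_equals() compares in constant time.
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!token_is_valid($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Invalid form token.');
    }
    // Token matched: discard it so the same value cannot be replayed.
    unset($_SESSION['token']);
    exit('Form accepted.');
}
?>
<form method="post" action="">
    <input type="hidden" name="token"
           value="<?= htmlspecialchars(form_token(), ENT_QUOTES) ?>">
    <input type="text" name="comment">
    <button type="submit">Send</button>
</form>
```

The token is bound to the session cookie of the browser that loaded the form, so a POST arriving without that session's value is rejected with 403.
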
This topic is now archived and is closed to further replies.