PHP CSRF measures

2013.11.2

I knew the term “CSRF measures” itself, but I didn’t understand it well until now. I’m going to make a note of it in my own way.

What are CSRF measures?

To put it crudely, scripts and redirects on a malicious site can cause unintended operations on some other website. CSRF measures are what prevent that kind of malicious manipulation of your site.

For example, just by visiting a malicious site A, something could be posted on a legitimate site B in a way that makes it look as if you posted it yourself.

What measures can be taken?

There are more rigorous approaches, but here is a simple way to do it.

  1. Generate a string that is hard to guess and changes every time, and store it both in the session and in a hidden form field (hidden).
  2. When the form is posted, compare the two values.
  3. If the values are the same, treat the post as coming from your own site; if they differ, treat it as coming from outside and do not process it.
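The three steps above in one PHP script, written as an added example rather than the code from this post. It assumes PHP 7 or later (random_bytes, hash_equals) and a working session; the field name csrf_token and the message field are my own choices.

```php
<?php
// Added example (not from the original post): one script that both renders
// the form with a CSRF token and verifies the token on POST.
// Assumes PHP 7+ (random_bytes, hash_equals) and that sessions are configured.
session_start();

// Step 1: a hard-to-guess value, held in the session and in the hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Steps 2 and 3: compare the posted value with the session value.
// hash_equals compares in constant time; the token is discarded after each
// check so one value cannot be replayed for a second submission.
function csrf_check($posted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $ok = is_string($posted) && $expected !== '' && hash_equals($expected, $posted);
    unset($_SESSION['csrf_token']);
    return $ok;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        // Values differ: treat as an outside request and do not process it.
        http_response_code(403);
        exit('Invalid request: CSRF token mismatch.');
    }
    // Values match: treat the post as coming from this site.
    $message = htmlspecialchars($_POST['message'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "Posted: {$message}";
    exit;
}

$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<!doctype html>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= $token ?>">
  <textarea name="message"></textarea>
  <button type="submit">Post</button>
</form>
```

Because the token lives in the server-side session, a page on site A has no way to read it, so a forged form from A fails the comparison.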

Code examples

<!doctype html>