php - If We Validate User Is Logged In or Not, Do We Still Need To Use FORM Tokens To Avoid CSRF Attacks?
问题描述
Let's assume when a form is submitted, a request is sent to FormToDatabase.php
FormToDatabase.php verifies if the user is logged in or not using
if(!isset($_SESSION['user'])){
echo 'Log In First';
die();
}
When it comes to CSRF, the attacker won't be able to send the request because the user needs to be logged in.
So, is it necessary to use form/link tokens for extra security or not?
解决方案
推荐阅读
- c++ - 存储向量的值
- postgresql - laravel:插入数据库后如何返回多列?
- node.js - 模拟时钟偏差场景
- django - 如何 order_by ini views.py Django by user.first_name
- r - 如何在 sparklyr 中创建垃圾箱?
- sql - SQL Date 仅显示日期而不显示 YYYY MM DD
- ios - Swift 4.2 Make bottom of tableView move up when keyboard shows
- r - Reddit 使用 rvest 时只返回 25 个帖子而不是 100 个
- asp.net - Connection Timeout Expired 当同时有很多请求时
- bash - Haxe/Bash:从通过 haxe `-cmd` 选项运行的 Bash 脚本调用内置的 Bash `read`