CSRF Double Submit Cookie is basically “not Secure”

前端未结

关注

 0  1225

From OWASP page : A CSRF attack works because browser requests automatically include all cookies including session cookies.

To prevent it, we can use double-submit cookie