Preventing CSRF in ASP



Thread: Preventing CSRF in ASP

  1. #1
    Join Date
    Aug 2009
    Posts
    1

    Preventing CSRF in ASP

    Guys,
    I have a classic ASP page which has a form submitting to itself. I have to prevent CSRF in the page. So, I went with using a hidden random variable in the form and a session variable to store it. Here is similar code.

    This works fine unless the user clicks the back button. If the back button is clicked, somehow the session and form value don't match the first time (clicking on the Add button). The next click on Add works fine.

    Please help me. I got stuck here.

    Any knowledge regarding session and back button is appreciated.


    mypage.asp
    ------------
    <html>
    <body>

    <%
    ' Handle the posted form
    if(request.form("add")="true") then
        'here is the anti-csrf check: the posted uid must equal the uid stored in the session
        if(Int(session.Contents("uid"))=Int(request.form("uid"))) then

            'Do some Critical DB operations
        end if

    end if

    %>
    <%
    ' A new random uid is generated and stored in the session on every page load
    randomize
    uid=rnd*10000+rnd*9
    session("uid")=uid
    %>
    <form name="f1" action="mypage.asp" method="POST">
    <input type="text" name="name"/>
    <input type="hidden" name="add" value="true"/>
    <input type="hidden" name="uid" value="<%=uid%>"/>
    </form>

    </body>
    </html>
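
Added example, not part of the original post: a small Python model (not ASP) of the request flow in mypage.asp, comparing a token regenerated on every page render with one created once per session, across a back-button navigation. The `Session` class, the function names and the use of `secrets` and `hmac` are assumptions of this model.

```python
import hmac
import secrets


class Session(dict):
    """Stand-in for the server-side Session object (constructed for this model)."""


def render_rotating(session):
    """Pattern in the post: every page render overwrites the stored token."""
    session["uid"] = secrets.token_urlsafe(32)
    return session["uid"]  # value written into the hidden form field


def render_stable(session):
    """Alternative: create the token once per session and reuse it."""
    if "uid" not in session:
        session["uid"] = secrets.token_urlsafe(32)
    return session["uid"]


def check(session, submitted):
    """Validate a posted token; a missing session or form value fails closed."""
    expected = session.get("uid")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def back_button_flow(render):
    """GET, POST (page re-renders), Back to the cached first page, POST again."""
    session = Session()
    first_page = render(session)           # initial GET: browser holds this token
    ok_first = check(session, first_page)  # first click on Add
    render(session)                        # the POST response renders the form again
    # Back button: the browser redisplays first_page from its cache, no request is sent,
    # so the server never learns that the older form is on screen again.
    ok_after_back = check(session, first_page)
    return ok_first, ok_after_back


if __name__ == "__main__":
    print("rotating:", back_button_flow(render_rotating))
    print("stable:  ", back_button_flow(render_stable))
```
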

  2. #2
    Join Date
    Oct 2009
    Posts
    1
    Life is too short to be serious, laugh it up.
