Q: what is the point of splitting the generated random value in an "index" and a "token" part? #55

Open
gggeek opened this issue Oct 16, 2024 · 0 comments

gggeek commented Oct 16, 2024

It seems to me that one could generate just one 'token' string, and use that as the index for the array stored in the session which holds the token data.

Then the validation would simply need to check if there is an array index matching the token received in the request, instead of matching both the array index and the 'token' value inside the data structure.

The code would benefit from being simplified, and the HTML form would only need to show 1 input field for the token instead of 2.

I see no extra security added by doing things the current way - but I am sure I must be missing something...
