Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ch. 11 and 12 - Address logout CSRF issue #33

Open
rpicard opened this issue Feb 8, 2014 · 1 comment
Open

Ch. 11 and 12 - Address logout CSRF issue #33

rpicard opened this issue Feb 8, 2014 · 1 comment

Comments

@rpicard
Copy link
Owner

rpicard commented Feb 8, 2014

What is the best way to handle logouts? Is it a CSRF protected form inserted onto every page with a logout link? That sounds like a pain in the ass. Should it just be shrugged off as insignificant? That doesn't sit right with me.
@rpicard
Copy link
Owner Author

rpicard commented Feb 8, 2014

Just to clarify, I'm referring to the CSRF vulnerability discussed here: http://www.codinghorror.com/blog/2008/09/cross-site-request-forgeries-and-you.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rpicard