How to counter Cross Site Request Forgery?


We would like to create a unique string when a user logs in and pass the
string between actions. Each user can compare the incoming string with
the one stored in the session to assert whether the request is coming
from within the application or from a malicious external source.

What mechanism can we use to pass this string around?
Passing as params to the actions may not be an option as it can be seen
in the URL.
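
An added example, not part of the original post: a session-bound token issued at login, carried in a hidden POST field or a request header instead of the URL, and checked on state-changing requests. The module name `CsrfToken`, the field name `csrf_token`, the header name and the Hash-like `session` object are assumptions made for illustration.

```ruby
require "securerandom"
require "digest"

# Hypothetical helper; `session` is any Hash-like, server-side per-user store.
module CsrfToken
  SESSION_KEY  = :csrf_token
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # Call once at login: create an unguessable token and keep it in the session.
  def self.issue(session)
    session[SESSION_KEY] = SecureRandom.urlsafe_base64(32)
  end

  # The token travels in the POST body (hidden field), so it never shows up
  # in the URL, browser history or Referer header.
  def self.hidden_field(session)
    %(<input type="hidden" name="csrf_token" value="#{session[SESSION_KEY]}">)
  end

  # Compare fixed-length digests byte by byte without an early exit, so the
  # time taken does not reveal how many leading characters matched.
  def self.secure_compare(a, b)
    diff = 0
    Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) do |x, y|
      diff |= x ^ y
    end
    diff.zero?
  end

  # Read-only methods are let through; every state-changing request must
  # present the session's token in the form field or in a custom header
  # (the header suits AJAX calls).
  def self.valid_request?(session, http_method, params, headers = {})
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)

    expected = session[SESSION_KEY]
    supplied = params["csrf_token"] || headers["X-CSRF-Token"]
    return false unless expected.is_a?(String) && supplied.is_a?(String)

    secure_compare(expected, supplied)
  end
end
```

This only protects the application if GET requests never change state. Rails ships the same pattern as `protect_from_forgery`, with the token exposed to views through `form_authenticity_token`.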

