Add csrfpid with rewriterule to URL

Johannes
2014-07-08
2014-07-11
  • Johannes

    Johannes - 2014-07-08

    Hello,

    I am trying to add the csrfpId to the URLs of my web-app with a rewrite-rule in Apache 2.2:

    #RewriteRule ^(.*) $1?%{QUERY_STRING}&&csrfpId=bla [NC,L]

    How can I get the csrfpId from the current session?
    Is there a way to do that? I would like to avoid adding the param to each URL inside my web-app manually ...

    Thanks for your help

     
  • Pascal Buchbinder

    The ID is not stored anywhere. The idea of mod_csrf is to add the ID at client side and NOT at server side in order to support JavaScript / dynamic DOM tree updates / Ajax calls etc (all the things which can be handled by content re-writing at the server).

    If you have requests which do / shall not contain the ID, you may exclude them by setting the CSRF_IGNORE variable.
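
What adding the ID on the client side can look like, as an added example that is not part of the original posts and is not mod_csrf's own script. The names `addCsrfId` and `tagDocument` are hypothetical, and how the page obtains the ID is outside the example; only the parameter name `csrfpId` comes from the thread.

```javascript
// Added illustration; not mod_csrf's own script.
const PARAM = "csrfpId"; // parameter name as used in the thread

// Return `href` with the ID appended, or unchanged when it must not carry the ID.
function addCsrfId(href, id, pageUrl) {
  let url;
  try {
    url = new URL(href, pageUrl); // resolves relative links against the page
  } catch (e) {
    return href; // unparsable value: leave untouched
  }
  // Only http(s) targets on the page's own origin get the ID; appending it
  // to a link to another origin would disclose it to a third party.
  const page = new URL(pageUrl);
  if (!/^https?:$/.test(url.protocol) || url.origin !== page.origin) {
    return href;
  }
  // set() replaces an existing value, so repeated calls never stack
  // duplicates, and the URL parser keeps "?", "&" and "#" well-formed.
  url.searchParams.set(PARAM, id);
  return url.pathname + url.search + url.hash;
}

// Browser-side wiring (assumption: called on load and again after DOM updates).
function tagDocument(doc, id) {
  const here = doc.location.href;
  for (const a of doc.querySelectorAll("a[href]")) {
    a.setAttribute("href", addCsrfId(a.getAttribute("href"), id, here));
  }
  for (const f of doc.querySelectorAll("form")) {
    // Skip forms that post to another origin.
    if (new URL(f.action, here).origin !== doc.location.origin) continue;
    // A hidden field works for GET and POST forms alike; a query string
    // on the action URL is discarded when a GET form is submitted.
    let input = f.querySelector('input[name="' + PARAM + '"]');
    if (!input) {
      input = doc.createElement("input");
      input.type = "hidden";
      input.name = PARAM;
      f.appendChild(input);
    }
    input.value = id;
  }
}
```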

     
  • Johannes

    Johannes - 2014-07-11

    OK, I didn't understand how the module works, nor the whole CSRF mechanism. But I am on a good way now, thanks for your help.

     
