https://wiki.owasp.org/index.php?action=history&feed=atom&title=CRV2_CSRFIssuesCRV2 CSRFIssues - Revision history2026-05-05T14:37:54ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=CRV2_CSRFIssues&diff=161090&oldid=prevAbbas Naderi: simple CSRF protection for PHP2013-10-18T19:37:30Z<p>simple CSRF protection for PHP</p>
<p><b>New page</b></p><div>Having CSRF-proof forms and actions is a complex task, and very prone to human-error. The most effective means of mitigating it is incorporating it into a widget library, for example OWASP PHP Security Widget library, which automaticlaly uses CSRF protection.<br />
<br />
CSRF Protection for GET and COOKIE elements is hard and not recommended, therefore all operations that change the state of the application in someway should be implemented using HTTP Post (or other HTTP state changing requests).<br />
<br />
Generally, CSRF protection is achieved by generating cryptographically secure, '''required''' parameters into HTML forms, and checking them back when they are submitted. If they are submitted and valid, they should get expired.</div>Abbas Naderi