The CSRF token is sent to the server from the HTML AND from the cookie.

Shubhangi Vashist

May 23, 2022

The CSRF token is sent to the server from the HTML AND from the cookie. The server then performs mathematical operations on these two values and the result from each operation is compared with the result from the other, and if they are equal, then the token is the right one:

https://levelup.gitconnected.com/antiforgery-tokens-behind-the-scenes-dcddda54db8a

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Written by David Klempfner

200 Followers

62 Following

I’m a software developer who is passionate about learning how things work behind the scenes.

Responses (1)

Write a response

What are your thoughts?

Also publish to my profile

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams