Open Changaco opened 6 years ago
Reusing a CSRF token throughout a browser session is theoretically not as secure as generating a different one for every form.
Reports: https://hackerone.com/reports/361130 and https://hackerone.com/reports/361400.
Another related report (not public yet): https://hackerone.com/reports/361414.
Reusing a CSRF token throughout a browser session is theoretically not as secure as generating a different one for every form.
Reports: https://hackerone.com/reports/361130 and https://hackerone.com/reports/361400.