On 21 January 2013 09:26, . <oscar.vives@gmail.com> wrote:
On 21 January 2013 07:19, Matt Palmer <mpalmer@hezmatt.org> wrote: ...
If the form is submitted without the correct POST value, if their IP address changed, or after too many seconds since the timestamp, then redisplay the form to the user, with a request for them to visually inspect and confirm the submission.
Which is decidedly more user-friendly than most people implement, but suffers from the problem that some subset of your userbase is going to be using a connection that doesn't have a stable IP address, and it won't take too many random "please re-confirm the form submission you made" requests before the user gives your site the finger and goes to find something better to do.
You want to stop the CSRF problem, but you want to support a user making the login in a IP, and submiting a "delete account" button *the next second* from a different IP. then you want this solution to be better cost effective than cookies.
Maybe ask the user his password.
<form method="post"> <input type="hidden" name="id_user" value="33"> <input type="hidden" name="action" value="delete_user"> <input type="submit" value="Delete user"> <p>For this action you must provide the password. </p> <input type="password" name="password" value=""> </from>
Even if this request come from a IP in china, you can allow it.
So this solution can be read has: - Do nothing to avoid CSRF. - Except for destructive actions, where you ask for the password. -- -- ℱin del ℳensaje.