Cross-site Request Forgery protection in web applications (Double Submit Cookie Pattern)
This project uses the Double Submit Cookie Pattern to protect a web application against Cross-site Request Forgery. The application consists of a simple login page with hard-coded credentials. Upon login, a session identifier is generated and set as a cookie in the browser. At the same time, a CSRF token is generated for the session and set as a second cookie in the browser. The CSRF token value is not stored on the server side. When the form is submitted to its action, the CSRF token cookie is sent with the request and the same CSRF token value is submitted in the form body. The page that accepts the form submission reads the CSRF token from the cookie and from the message body and compares the two. If validation succeeds, a success message is shown; if not, an error message is shown.
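The issue-and-check logic described above, written as an added servlet helper for a JSP/Tomcat application; this is not the repository's own code, and the class name, cookie name and form field name are assumptions.

```java
import static java.nio.charset.StandardCharsets.UTF_8;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not the repository's code. Cookie and field names are assumptions.
public final class DoubleSubmitCsrf {
    static final String COOKIE_NAME = "CSRF-TOKEN";
    static final String FIELD_NAME = "csrfToken";
    private static final SecureRandom RNG = new SecureRandom();

    // Step 1 (login success): mint a random token and hand it to the browser as a
    // cookie. Nothing is kept on the server, which is the point of the pattern.
    public static String issueToken(HttpServletResponse resp, boolean overTls) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        Cookie c = new Cookie(COOKIE_NAME, token);
        c.setPath("/");
        c.setHttpOnly(true);   // the JSP embeds the value server-side, so JS need not read it
        c.setSecure(overTls);  // only send the cookie over TLS when the site runs on HTTPS
        resp.addCookie(c);
        return token;          // form.jsp places this in a hidden field:
                               // <input type="hidden" name="csrfToken" value="<%= token %>">
    }

    // Step 2 (form POST): the request must carry the token twice, in the cookie and
    // in the body, and the two copies must match. A cross-site form cannot read the
    // cookie value, so it cannot supply a matching body field.
    public static boolean isValid(HttpServletRequest req) {
        String fromCookie = null;
        Cookie[] cookies = req.getCookies();
        if (cookies != null) {
            for (Cookie c : cookies) {
                if (COOKIE_NAME.equals(c.getName())) { fromCookie = c.getValue(); }
            }
        }
        String fromBody = req.getParameter(FIELD_NAME);
        if (fromCookie == null || fromBody == null || fromCookie.isEmpty()) {
            return false;      // a missing copy is a failure, never a pass
        }
        // Constant-time comparison so timing does not reveal how many bytes matched.
        return MessageDigest.isEqual(fromCookie.getBytes(UTF_8), fromBody.getBytes(UTF_8));
    }
}
```

Because no server-side copy exists, the check holds only as long as no attacker-controlled origin (for example a sibling subdomain) can set cookies for the application's domain.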
git clone https://github.com/AnuradhaSD/CSRF_DoubleSubmitCookiePattern.git
- Application implemented using the Eclipse IDE
- Apache Tomcat should be configured (Tomcat v7.0 was used)
localhost:8080/CSRF/login.jsp
Username: asd
Password: 123
Upon successful login, the application redirects to the form:
localhost:8080/CSRF/form.jsp