
I was just reading an article at this link, https://www.codeproject.com/Articles/130588/Preventive-Method-for-URL-Request-Forgery-An-Examp, on Preventive Method for URL Request Forgery.

This article shows we should append a hash generated from the query string to prevent URL Request Forgery.

When they create the hash, they use the session id and datetime as the salt key, but my question is: suppose the user's session expires and then the user clicks on the link. Then the validateToken function will fire and compare the hash data and query string, but if the session expires then a new session id will be generated, and then a problem may occur... am I right? Should we use the session id as salt?

string salt = HttpContext.Current.Session["url_dynamickey"].ToString() + 
        DateTime.Now.ToShortDateString() + " " + DateTime.Now.Hour; 

Please share the right guideline.

Monojit Sarkar
  • You apply security on the server, not in the browser or in query strings. Why do you think you need to do this? What problem are you trying to solve? –  Feb 19 '18 at 21:44
  • @StephenMuecke I am facing a problem creating an association between student and hobbies. I posted my problem at this link. Please visit and share your valuable code & suggestions. https://stackoverflow.com/questions/48882484/asp-net-mvc-how-to-associate-hobbies-with-each-student – Monojit Sarkar Feb 20 '18 at 10:03

0 Answers
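An added example, not code from the question or the linked article: it models the salt quoted in the question to show the token changing when the session key or the clock hour changes, next to a link signed with HMAC-SHA256 under a server-held key that carries its own expiry. SHA-256 for the salted hash, the `exp`/`sig` parameter names, the method names and all sample values are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UrlTokenDemo
{
    // The question's scheme: hash(query + salt), salt = session key + date + hour.
    // SHA-256 is an assumption; the page does not show which hash the article uses.
    static string SessionSaltToken(string query, string sessionKey, DateTime now)
    {
        string salt = sessionKey + now.ToShortDateString() + " " + now.Hour;
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(query + salt)));
    }

    // Assumed alternative: HMAC under a server-held key, with the expiry inside the signed data.
    static string Sign(string query, long expUnix, byte[] key)
    {
        string data = query + "&exp=" + expUnix;
        using (var hmac = new HMACSHA256(key))
            return data + "&sig=" + BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
    }

    static bool Verify(string signed, DateTimeOffset now, byte[] key)
    {
        string[] p = signed.Split(new[] { "&exp=", "&sig=" }, StringSplitOptions.None);
        if (p.Length != 3 || !long.TryParse(p[1], out long exp)) return false;
        string want = Sign(p[0], exp, key);                  // recompute, then compare in full
        int diff = want.Length ^ signed.Length;
        for (int i = 0; i < want.Length && i < signed.Length; i++) diff |= want[i] ^ signed[i];
        return diff == 0 && now.ToUnixTimeSeconds() <= exp;
    }

    static void Main()
    {
        const string q = "studentId=42";                     // constructed sample values
        var issued = new DateTimeOffset(2018, 2, 19, 10, 59, 0, TimeSpan.Zero);
        string t = SessionSaltToken(q, "key-A", issued.DateTime);
        Console.WriteLine("next hour, token matches:   " + (t == SessionSaltToken(q, "key-A", issued.AddMinutes(2).DateTime)));
        Console.WriteLine("new session, token matches: " + (t == SessionSaltToken(q, "key-B", issued.DateTime)));

        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string link = Sign(q, issued.AddMinutes(30).ToUnixTimeSeconds(), key);
        Console.WriteLine("signed link valid at +29 min: " + Verify(link, issued.AddMinutes(29), key));
        Console.WriteLine("signed link valid at +31 min: " + Verify(link, issued.AddMinutes(31), key));
    }
}
```

The link in the first pair was issued at 10:59, so the hour component of the salt changes two minutes later even though the session is unchanged.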