-1

Currently, I am sending a CSRF token whenever a request is made from the JSP page to the service layer. After validating the token for the request, the token gets invalidated. I have an issue where I have multiple requests made in parallel and my token gets validated and invalidated for the first request and the subsequent requests do not pass. Token validation and generation is done using servlet filters.

Is there any other way to achieve this functionality with CSRF tokens? Making the calls synchronous will impact the performance as the UI users will have to wait for a long time before the user will have access to the page.

Is it better to just make a single call from the JSP page and handle these multiple updates in the service layer? If so, is there a better way to service the multiple requests in the service layer in parallel?

Please provide me some pointers.

Thanks.

mick

1 Answer

0

You are using a single-use CSRF token. But looking at the requirement you mentioned, you need session-based CSRF tokens. An easy example is here: how-to-properly-add-csrf-token-using-php. Although it is done in PHP, the implementation will be similar. Hope it helps.

sns