cURL CSRF Token

無奈伤痛 2020-12-30 17:57

A few months ago, my colleague created a calendar subscription by getting the work schedule. I believe he has done this by cURL.

Now I'm building a website to have

3 answers
  •  挽巷 (OP)
    2020-12-30 18:44

    The idea behind CSRF defense is based around generating a unique token for each page load which you have to pass with the form.

    You will have to load the page with the form, extract the token from the page and pass that along with the POST request. Typically, after any attempt, the token is invalidated and you must request the form again to get a new token.

    The CSRF token is stored in the session, so the server can see if the one generated on the form matches the one supplied with the request sending the form.
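
The procedure described in the answer above, as an added shell example that is not part of the original answer: load the form, extract the token, and POST it back with the same session cookies. The field name `csrf_token`, the function names, the URLs passed in, and the sample HTML are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Field name "csrf_token" and all URLs are assumptions.

# Print the value of the hidden <input> named $1 from HTML read on stdin.
# Works for either attribute order and for tags split across lines.
extract_csrf_token() {
    tr '\n' ' ' | grep -o '<input[^>]*>' \
        | grep "name=[\"']$1[\"']" \
        | sed -n "s/.*value=[\"']\([^\"']*\)[\"'].*/\1/p" | head -n 1
}

# Usage: submit_with_csrf FORM_URL POST_URL FIELD [extra curl args...]
# GETs the form, then POSTs the fresh token using the same cookie jar, so the
# server can compare it with the token it stored in that session.
submit_with_csrf() {
    local form_url post_url field jar token rc
    form_url=$1; post_url=$2; field=$3; shift 3
    jar=$(mktemp) || return 1
    token=$(curl -fsS -c "$jar" -b "$jar" "$form_url" | extract_csrf_token "$field")
    if [ -z "$token" ]; then
        echo "no '$field' input found at $form_url" >&2
        rm -f "$jar"
        return 1
    fi
    # The token is typically single-use: fetch the form again before each POST.
    rc=0
    curl -fsS -b "$jar" -c "$jar" --data-urlencode "$field=$token" "$@" "$post_url" || rc=$?
    rm -f "$jar"
    return "$rc"
}

# Constructed sample form (not from a real site), used to show the extraction.
SAMPLE_FORM='<form method="post" action="/schedule">
  <input type="hidden" name="csrf_token"
         value="c0nstructed-t0ken-123">
  <input type="text" name="user" value="alice">
</form>'
printf '%s\n' "$SAMPLE_FORM" | extract_csrf_token csrf_token
```

Extra form fields go after the field name as ordinary curl arguments, for example `--data-urlencode "user=alice"`.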
