CSRF token expires during login

前端未结

关注

 4  2462

挽巷 2021-02-01 08:57

I\'m working on Spring web application and I need to avoid problem with expire csrf token on login page, because if user is waiting too long and try to login only one way to res

4条回答

盖世英雄少女心 (楼主)

2021-02-01 09:22
You can also make your CSRF protection rely on cookies and NOT server side session state. Spring Security has full support for this.

CookieCsrfTokenRepository

You will only receive a timeout if your cookie expires. This scales well since it's basically stateless (from the server's perspective).
```
@EnableWebSecurity
public class WebSecurityConfig extends
        WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```
Andrew
0 讨论(0)

查看其它4个回答
发布评论:

提交评论
- 加载中...