is putting token in URL secure to prevent CSRF attacks in PHP applications?
问题 I want to use a token to prevent CSRF attacks on my website (written with PHP). I've used it in forms and it works well. But logout link is not a form; It is only a hyperlink. Is it secure if I put the token in the query string like this: <a href="logout.php?token=9ae328eea8a72172a2426131a6a41adb">Logout</a> If it has any problem, what is your suggestions and solutions ? 回答1: I think one of main disadvantages of using CSRF-token in GET requests is possibility of incompetent user to easily