CSRF protection for unauth'd users is not really multi-user #5

Open
opened 2025-03-30 16:43:45 -05:00 by ITwrx · 0 comments
Owner

It currently uses the "luck o' the draw" method. :) This is currently used for login for SSM and the contact form handling code in the dynamic/API app. If you have two users fighting to log in at the same time, or two visitors fighting to use the contact form, it might make them refresh the page, or try again. Eventually, this might need to be improved, but it is low priority for now.
ITwrx added the design flaw label 2025-03-30 16:43:45 -05:00
ITwrx added the low priority label 2025-03-30 16:46:18 -05:00
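
An added example, not part of the original issue and not SimpleSiteManager's code: it assumes the "luck o' the draw" behaviour comes from one shared token slot for all anonymous visitors (modelled by the hypothetical `SingleSlotStore`) and contrasts it with a stateless token bound to a per-visitor pre-session cookie. All function names, `SECRET_KEY` and `MAX_AGE` are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
MAX_AGE = 3600                        # assumption: token lifetime in seconds


class SingleSlotStore:
    """Assumed model of the shared scheme: one pending token for every anonymous visitor."""

    def __init__(self):
        self.current = None

    def issue(self):
        self.current = secrets.token_urlsafe(32)  # overwrites an earlier visitor's token
        return self.current

    def verify(self, token):
        return self.current is not None and hmac.compare_digest(
            self.current.encode(), token.encode())


def new_visitor_id():
    """Random pre-session id, sent as a cookie on the first anonymous request."""
    return secrets.token_urlsafe(16)


def _mac(visitor_id, ts):
    return hmac.new(SECRET_KEY, f"{visitor_id}|{ts}".encode(), hashlib.sha256).hexdigest()


def issue_token(visitor_id, now=None):
    """Stateless form token: timestamp plus HMAC over (visitor_id, timestamp)."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_mac(visitor_id, ts)}"


def verify_token(visitor_id, token, now=None):
    """Accept only an unexpired token whose MAC matches this visitor's cookie value."""
    ts, sep, mac = token.partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    age = (time.time() if now is None else now) - int(ts)
    ok = hmac.compare_digest(_mac(visitor_id, ts).encode(), mac.encode())
    return ok and 0 <= age <= MAX_AGE
```

Because nothing is stored server-side per visitor, two people loading the login or contact form at the same time each hold a token that validates only against their own cookie.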
Reference: ITwrxOrg/SimpleSiteManager#5