Hi guys

I am trying to protect my forms from CSRF attacks by putting a random
key as a hidden field into my forms. This is what I do:

1. When going to the form, I do:

    Key = crypto:rand_bytes(200),
    Encoded = base64:encode(binary_to_list(Key)),

    yaws_api:setcookie("formkey", Encoded)

2. When the form comes back, I do this to see if the cookie is set:

    Res = yaws_api:find_cookie_val("formkey", A),

Based on whether I get [] or something else I proceed accordingly.

The problem is that the cookie seems not to be set as it always
returns []. Am I missing some steps?

Nii Amon
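
The two steps described in the post, written as one plain Yaws appmod; this is an added example and not code from the original message or from ErlyWeb. The module name, the 32-byte token length, the hex encoding and the response bodies are assumptions. The cookie header term built by `yaws_api:setcookie/2` is returned from `out/1`, and the cookie is read back from the request's cookie header list.

```erlang
-module(csrf_form).                          % hypothetical module name
-export([out/1]).
-include_lib("yaws/include/yaws_api.hrl").   % #arg{}, #headers{}, #http_request{}

-define(KEY, "formkey").                     % cookie and hidden-field name from the post

out(A) ->
    case (A#arg.req)#http_request.method of
        'POST' -> check(A);
        _      -> show_form()
    end.

%% GET: put the same fresh token in a cookie and in a hidden field.
show_form() ->
    Token = hex(crypto:strong_rand_bytes(32)),   % 32 bytes is an assumed length
    Form = {form, [{method, "post"}],
            [{input, [{type, "hidden"}, {name, ?KEY}, {value, Token}]},
             {input, [{type, "submit"}, {value, "Send"}]}]},
    %% setcookie/2 only builds a {header, ...} term; the browser receives it
    %% only when that term is part of the value out/1 returns.
    [yaws_api:setcookie(?KEY, Token), {ehtml, Form}].

%% POST: accept only if the cookie exists and equals the hidden field.
check(A) ->
    Cookie = yaws_api:find_cookie_val(?KEY, (A#arg.headers)#headers.cookie),
    case yaws_api:postvar(A, ?KEY) of
        {ok, Field} when Cookie =/= [] ->
            case same(Cookie, Field) of
                true  -> {ehtml, {p, [], "token ok"}};
                false -> reject()
            end;
        _ ->
            reject()
    end.

reject() -> [{status, 403}, {ehtml, {p, [], "CSRF check failed"}}].

%% Hex keeps the token free of characters that need escaping in a cookie.
hex(Bin) -> lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin]).

%% Comparison that does not stop at the first differing character.
same(X, Y) when length(X) =:= length(Y) ->
    lists:foldl(fun({C, D}, Acc) -> Acc bor (C bxor D) end, 0, lists:zip(X, Y)) =:= 0;
same(_, _) -> false.
```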