Salman Haq <[email protected]> wrote:
> I'm building a form-based authentication system for a Quixote-based
> website and was wondering what role (if any) do form tokens play in user
> authentication? The form tokens I'm referring to are the random numbers
> returned by Session.create_form_token() in the session module.

Their main purpose is to avoid cross-site request forgeries. I don't think they provide much extra security on login forms but probably don't hurt anything either.

Regards,

Neil
_______________________________________________
Quixote-users mailing list
[email protected]
http://mail.mems-exchange.org/mailman/listinfo/quixote-users
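
As an added illustration (not part of the original thread and not Quixote's own code), this sketch shows how a per-session form token stops a cross-site request forgery on a state-changing POST. `DemoSession`, `consume_form_token`, `render_form`, `handle_post`, the `_form_id` field name and the `/transfer` action are assumptions made for the example.

```python
import hmac
import secrets


class DemoSession:
    """Hypothetical server-side session (not Quixote's Session class)."""

    def __init__(self, user=None):
        self.user = user
        self._form_tokens = []

    def create_form_token(self):
        # Unpredictable value kept server-side and embedded in the form.
        token = secrets.token_hex(16)
        self._form_tokens.append(token)
        return token

    def consume_form_token(self, submitted):
        # Constant-time match; each token is accepted for one submission.
        candidate = (submitted or "").encode()
        for token in self._form_tokens:
            if hmac.compare_digest(token.encode(), candidate):
                self._form_tokens.remove(token)
                return True
        return False


def render_form(session):
    # "_form_id" is the hidden field name assumed for this example.
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="_form_id" value="{session.create_form_token()}">'
            '<input name="amount"><input type="submit"></form>')


def handle_post(session, fields):
    if session.user is None:
        return 401
    if not session.consume_form_token(fields.get("_form_id")):
        return 403  # no valid token: forged or replayed request
    return 200


def demo():
    session = DemoSession(user="alice")  # constructed logged-in session
    token = render_form(session).split('value="')[1].split('"')[0]
    # Cross-site page: the browser attaches the cookie, but it cannot read the token.
    forged = handle_post(session, {"amount": "100"})
    genuine = handle_post(session, {"amount": "100", "_form_id": token})
    replayed = handle_post(session, {"amount": "100", "_form_id": token})
    return forged, genuine, replayed
```

`demo()` returns the status for a forged request, the genuine submission and a replay of the same token, in that order.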
