I think they also guard against unintended repeat submissions of the same form.

On Aug 23, 2010, at 1:42 PM, Neil Schemenauer wrote:

> Salman Haq <[email protected]> wrote:
>> I'm building a form-based authentication system for a Quixote-based 
>> website and was wondering what role (if any) do form tokens play in user 
>> authentication? The form tokens I'm referring to are the random numbers 
>> returned by Session.create_form_token() in the session module.
> 
> Their main purpose is to avoid cross-site request forgeries.  I
> don't think they provide much extra security on login forms but
> probably don't hurt anything either.
> 
> Regards,
> 
>  Neil
> 
> _______________________________________________
> Quixote-users mailing list
> [email protected]
> http://mail.mems-exchange.org/mailman/listinfo/quixote-users
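
The two uses mentioned in this thread (rejecting forged cross-site posts and rejecting a repeat submission of the same form), shown as an added example that is not code from the thread or from Quixote. DemoSession, consume_form_token, handle_post and the "form_token" field name are hypothetical; only the create_form_token name is borrowed from the message above.

```python
import hmac
import secrets


class DemoSession:
    """Hypothetical server-side session; not Quixote's Session class."""

    MAX_TOKENS = 16  # cap on outstanding tokens per session (assumed value)

    def __init__(self):
        self._tokens = []

    def create_form_token(self):
        # Unpredictable value placed in a hidden field when the form is rendered.
        token = secrets.token_hex(16)
        self._tokens.append(token)
        del self._tokens[:-self.MAX_TOKENS]  # forget the oldest beyond the cap
        return token

    def consume_form_token(self, submitted):
        # Accept only a token issued to this session, and only once.
        if not isinstance(submitted, str) or not submitted:
            return False
        for issued in self._tokens:
            if hmac.compare_digest(issued.encode(), submitted.encode()):
                self._tokens.remove(issued)  # single use: a replay will fail
                return True
        return False


def handle_post(session, fields):
    """Decide whether a state-changing form POST may proceed."""
    if session.consume_form_token(fields.get("form_token")):
        return "accepted"
    return "rejected"


if __name__ == "__main__":
    session = DemoSession()
    form = {"form_token": session.create_form_token(), "comment": "hello"}
    print(handle_post(session, form))                 # legitimate submission
    print(handle_post(session, form))                 # same form sent again
    print(handle_post(session, {"comment": "hello"})) # cross-site post, no token
```
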
