Forum Discussion

2funky_105078's avatar
Sep 08, 2016

ASM uses TS cookies as well against CSRF

I understoof ASM injecting a token in fields on static HTML POST forms or cliende side scripts to protect against CSRF.

 

But i read somewhere that it uses as well the main TS cookie, how does it work exactly? An attacker can just replay the TS cookie...