java - Spring CSRF token life
I am implementing CSRF protection using Spring Security, per the doc.
One question I have is: when is the token invalidated by Spring Security? Does the token get invalidated on each request submit?
By default, the CSRF token is stored in the HTTP session and generated on a per-session basis. See the official Spring Security documentation for more details. Therefore, the default lifecycle of CSRF tokens is the session duration.
Like everything else in Spring Security, the storage and retrieval of CSRF tokens can be customized to suit individual needs. One way would involve creating an implementation of CsrfTokenRepository. Custom implementations can alter the token on a per-request basis, store the token in a relational database, and so on.
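As an added illustration (not code from the original answer or from Spring Security itself), here is a custom CsrfTokenRepository that keeps the token in the HTTP session but gives it a shorter lifetime than the session. The class name, attribute keys and maxAge parameter are hypothetical, and the jakarta.servlet imports assume Spring Security 6 (older versions use javax.servlet).

```java
import java.time.Duration;
import java.time.Instant;
import java.util.UUID;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.DefaultCsrfToken;

// Hypothetical example: session-stored CSRF token that expires after maxAge.
public class ExpiringSessionCsrfTokenRepository implements CsrfTokenRepository {
    private static final String TOKEN_ATTR = ExpiringSessionCsrfTokenRepository.class.getName() + ".TOKEN";
    private static final String ISSUED_ATTR = ExpiringSessionCsrfTokenRepository.class.getName() + ".ISSUED";
    private final Duration maxAge;

    public ExpiringSessionCsrfTokenRepository(Duration maxAge) { this.maxAge = maxAge; }

    @Override
    public CsrfToken generateToken(HttpServletRequest request) {
        // Header and parameter names match Spring Security's defaults; the value is a random UUID.
        return new DefaultCsrfToken("X-CSRF-TOKEN", "_csrf", UUID.randomUUID().toString());
    }

    @Override
    public void saveToken(CsrfToken token, HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession(token != null); // create a session only when storing
        if (session == null) return;
        if (token == null) { // the framework passes null to discard the current token
            session.removeAttribute(TOKEN_ATTR);
            session.removeAttribute(ISSUED_ATTR);
            return;
        }
        session.setAttribute(TOKEN_ATTR, token);
        session.setAttribute(ISSUED_ATTR, Instant.now());
    }

    @Override
    public CsrfToken loadToken(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) return null;
        Instant issued = (Instant) session.getAttribute(ISSUED_ATTR);
        if (issued == null || Instant.now().isAfter(issued.plus(maxAge))) {
            return null; // expired: a fresh token is generated and the stale one no longer validates
        }
        return (CsrfToken) session.getAttribute(TOKEN_ATTR);
    }
}
```

It can be registered with `http.csrf(csrf -> csrf.csrfTokenRepository(new ExpiringSessionCsrfTokenRepository(Duration.ofMinutes(30))))`, where the 30 minutes is an example value. Pages left open past the limit must obtain a new token before their next state-changing request.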
java spring-security csrf-protection