Cross-Site Request Forgery (CSRF) Attack

What is CSRF?

CSRF attacks occur when a malicious website tricks a user's browser into making unintended requests to a trusted website where the user is authenticated. For example:

  1. A user logs into their bank's website and stays authenticated.
  2. The user visits a malicious site while still logged in.
  3. The malicious site sends a request (e.g., transferring money) to the bank's website on behalf of the user.

Since the user's browser includes the authenticated session cookies with the request, the bank's server might execute the malicious request unless additional protections are in place.

A CSRF token (Cross-Site Request Forgery token) is a security measure used to protect web applications from Cross-Site Request Forgery (CSRF) attacks.


Why is it effective?

The token ensures that a malicious site cannot craft a valid request because:

  • The token is tied to the user's session and is random enough that it cannot be guessed.
  • The attacker cannot read the token: it lives in the user's session on the server and on the page, and the browser's same-origin policy keeps the malicious site from reading the page's contents.


How does the CSRF Token help?

A CSRF token is a secret, unique, and unpredictable value generated by the server for each user session. It is included in forms or requests and validated by the server. Here's how it works:

  1. When a user loads a page with a form or performs an action, the server generates a CSRF token and includes it as a hidden field in the form or a custom header in requests.
  2. When the user submits the form or performs an action, the CSRF token is sent back to the server along with the request.
  3. The server verifies that the CSRF token matches the one stored for the user's session; a matching token shows that the request originated from a page the server itself served.
  4. If the token is invalid or missing, the server rejects the request, preventing the attack.
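The four steps above as a minimal synchronizer-token implementation in Python. This is an added example, not code from the original article: `Session`, `render_transfer_form`, `csrf_valid` and `handle_transfer` are hypothetical names standing in for a web framework's session store and request handler, and the form HTML is constructed inline.

```python
import hmac
import re
import secrets
from dataclasses import dataclass, field

TOKEN_BYTES = 32  # 256 bits of randomness: unique per session and unguessable


@dataclass
class Session:
    """Hypothetical server-side session; one fresh token per session."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(TOKEN_BYTES))


def render_transfer_form(session: Session) -> str:
    """Step 1: embed the session's token as a hidden field in the form."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def extract_token(html: str) -> str:
    """What the legitimate page does at step 2: read the hidden field it was served."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', html)
    return match.group(1) if match else ""


def csrf_valid(session: Session, form: dict) -> bool:
    """Step 3: the submitted token must equal the session's token.

    hmac.compare_digest avoids leaking the token byte by byte through timing.
    """
    submitted = form.get("csrf_token")
    if not submitted:
        return False
    return hmac.compare_digest(submitted, session.csrf_token)


def handle_transfer(session: Session, form: dict) -> tuple[int, str]:
    """Step 4: reject the request when the token is missing or wrong.

    The session cookie alone (which a forged cross-site request carries) is not enough.
    """
    if not csrf_valid(session, form):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']} to {form['to']} for {session.user}"
```

A request that arrives with the victim's session but without the token, or with a token from a different session, is rejected; only the form the server rendered for that session can complete the transfer.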
CSRF Token vs SameSite Cookies

CSRF tokens can be used alongside the SameSite cookie attribute (e.g., SameSite=Strict or Lax), which also helps prevent cross-site requests by restricting when the browser attaches cookies to requests made from another site.
