ASM CSRF Expiration Time token

Question

Hello&nbsp;
I have recently implemented CSRF protection on few web based applications, so far so good but now I would like to enable expiration-time on the token so that it will be renewed every x seconds . 
What do you think is a good value for the expiration time? 1s, 10 s , 120 s ? 
Ideally it would be great to get it renewed every request but there is no such option so I am wondering if it is safe to set it up to 10s&nbsp;
Many thanks&nbsp;

boneyard · Answer

i don't believe it works quite like that. it is the time the cookie is valid for after the page has been send, else you get an event that it isn't valid and you have to submit the request again ( i believe that means reloading the page ).&nbsp;
so i wouldn't set it too low because your users will get blocked requests.&nbsp;

Forum Discussion

ASM CSRF Expiration Time token

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

iControl REST Authentication Token Management

LTM Certificate expire

question of limitation and expiration for rest api token

set TOKEN [getfield [HTTP::uri]

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud