sources?
- samstepCirrocumulus
Yes, ASM does use a TS cookie to store the random token. This is described in Solution SOL11903:
https://support.f5.com/kb/en-us/solutions/public/11000/900/sol11903.html
This is the so-called Double-Submit Cookie protection. It works because an attacker cannot read or modify the cookie value cross-site, due to the browsers' Same-Origin Policy. Sure, the attacker can replay cookies from a previous request, but they won't match the token in the next request.
The OWASP CSRF Prevention Cheat Sheet is a good resource on CSRF; it describes Double-Submit Cookies among other protections, link here:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
Hope this helps,
Sam
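To make the mechanism Sam describes concrete, here is an added example in Python of a double-submit cookie check. It is not code from the original thread and not F5's or ASM's implementation; the cookie and field name `csrf_token`, the server secret and the session ids are hypothetical, and ASM's own TS cookie name and token format are not described in the post. The block shows the plain check the post describes against three constructed requests (legitimate, cross-site, replayed cookie), and goes one step further with the signed variant that the linked OWASP cheat sheet recommends: binding the token to a server secret and the session so that a token an attacker manages to plant in a cookie is still rejected.

```python
import hashlib
import hmac
import secrets

# Hypothetical names for this example only. ASM keeps its token in a TS* cookie whose
# exact name and format are not described in the post.
TOKEN_COOKIE = "csrf_token"
TOKEN_FIELD = "csrf_token"


def issue_token() -> str:
    """Fresh random token; the server sets it as a cookie and also embeds it in
    the page (form field, or a value the page's own JS copies into a header)."""
    return secrets.token_urlsafe(32)


def validate_double_submit(cookies: dict, form: dict) -> tuple:
    """Plain double-submit check: the value the browser attached automatically
    (cookie) must equal the value the page supplied explicitly (form field)."""
    cookie_tok = cookies.get(TOKEN_COOKIE)
    form_tok = form.get(TOKEN_FIELD)
    if not cookie_tok or not form_tok:
        return False, "missing token"
    # Constant-time comparison so the check itself does not leak token bytes.
    if not hmac.compare_digest(cookie_tok, form_tok):
        return False, "token mismatch"
    return True, "ok"


def sign_token(secret: bytes, session_id: str, nonce: str) -> str:
    """Signed variant (OWASP cheat sheet): token = nonce.HMAC(secret, session!nonce)."""
    mac = hmac.new(secret, f"{session_id}!{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def issue_signed_token(secret: bytes, session_id: str) -> str:
    return sign_token(secret, session_id, secrets.token_urlsafe(16))


def validate_signed_double_submit(secret: bytes, session_id: str, cookies: dict, form: dict) -> tuple:
    """Same equality check, then verify the token was minted by this server for this session."""
    ok, why = validate_double_submit(cookies, form)
    if not ok:
        return ok, why
    token = cookies[TOKEN_COOKIE]
    nonce, _, _mac = token.partition(".")
    expected = sign_token(secret, session_id, nonce)
    if not hmac.compare_digest(token, expected):
        return False, "bad signature"
    return True, "ok"


# --- Constructed scenarios; none of this is traffic from the original page. ---

def legitimate_request(token: str) -> tuple:
    # Victim's browser attaches the cookie AND the site's own form carries the same token.
    return validate_double_submit({TOKEN_COOKIE: token}, {TOKEN_FIELD: token})


def cross_site_request(token: str) -> tuple:
    # Auto-submitted form on attacker.example: the browser still sends the cookie, but
    # the attacker cannot read it (Same-Origin Policy), so the form field is only a guess.
    return validate_double_submit({TOKEN_COOKIE: token}, {TOKEN_FIELD: "attacker-guess"})


def cross_site_request_without_field(token: str) -> tuple:
    return validate_double_submit({TOKEN_COOKIE: token}, {})


def replayed_cookie(old_token: str, new_token: str) -> tuple:
    # A cookie captured from an earlier exchange does not match the current page's token.
    return validate_double_submit({TOKEN_COOKIE: old_token}, {TOKEN_FIELD: new_token})


def planted_cookie_attack(secret: bytes, session_id: str) -> tuple:
    # Hypothetical attacker who can write cookies for the site (the generic weakness of the
    # plain scheme) plants one value in both places: plain check passes, signed check rejects.
    forged = "attacker-chosen.0000"
    plain = validate_double_submit({TOKEN_COOKIE: forged}, {TOKEN_FIELD: forged})
    signed = validate_signed_double_submit(secret, session_id,
                                           {TOKEN_COOKIE: forged}, {TOKEN_FIELD: forged})
    return plain, signed


if __name__ == "__main__":
    tok = issue_token()
    print("legitimate:", legitimate_request(tok))
    print("cross-site:", cross_site_request(tok))
    print("replayed:  ", replayed_cookie(issue_token(), tok))
    print("planted:   ", planted_cookie_attack(b"server-secret", "sess-1"))
```

The plain check is exactly what the post relies on: the cookie travels automatically, the matching copy does not, and the Same-Origin Policy keeps the attacker from reading it. The signed form adds a second property, that only this server could have produced the token for this session, which is why the cheat sheet prefers it where an attacker might be able to set cookies for the domain.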