Lessons: 20
Length: 2.1 hours

3.11 Cross-Site Request Forgery

A cross-site request forgery (CSRF) attack occurs when an attacker directs someone to a website that forwards a forged request to the server using the person's own credentials. In this video, I'll discuss cookie expirations, secure cookies, CSRF tokens, stale sessions, and using the browser Origin header to reject requests sent from invalid locations.
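The server-side checks named above (cookie expiration, the Secure flag, a per-session CSRF token, stale-session rejection, and Origin validation) can be combined as in the following added example, which is not code from the course. The origin `https://app.example.test`, the 15-minute limit, the `csrf_token` form field, and all function names are assumptions made for illustration.

```python
import hmac
import secrets
import time

ALLOWED_ORIGINS = {"https://app.example.test"}  # assumed: the site's own origin
SESSION_MAX_AGE = 15 * 60                       # assumed idle limit, in seconds
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def new_session(now=None):
    """Create server-side session state with a random per-session CSRF token."""
    now = time.time() if now is None else now
    return {"id": secrets.token_urlsafe(32),
            "csrf": secrets.token_urlsafe(32),
            "last_seen": now}

def session_cookie(session):
    """Set-Cookie value: expires with the session, sent over HTTPS only."""
    return (f"sid={session['id']}; Max-Age={SESSION_MAX_AGE}; "
            "Path=/; Secure; HttpOnly")

def check_request(method, headers, form, session, now=None):
    """Return (allowed, reason) for one request made under one session.

    headers and form are plain dicts (assumed already parsed by the framework).
    """
    now = time.time() if now is None else now
    # Stale sessions are rejected even if the browser still sends the cookie.
    if session is None or now - session["last_seen"] > SESSION_MAX_AGE:
        return False, "stale-session"
    if method.upper() in UNSAFE_METHODS:
        # Strict policy (a design choice here): state-changing requests must
        # carry an Origin header that matches the site's own origin.
        if headers.get("Origin") not in ALLOWED_ORIGINS:
            return False, "bad-origin"
        # The token lives in the page's form, not in a cookie, so a forged
        # cross-site request cannot supply it. Compare in constant time.
        sent = form.get("csrf_token", "").encode()
        if not hmac.compare_digest(sent, session["csrf"].encode()):
            return False, "bad-csrf-token"
    session["last_seen"] = now
    return True, "ok"
```
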