Is Antiforgery Validation really needed for Login page when external return URL is not allowed?
I fallen in a scenario that
User opens two tabs for login page and try to login on both
Instead of showing an error message to user (I can’t think of a good meaningful message to explain antiforgery validation to end user anyways), I wan… Continue reading Is Antiforgery Validation really needed for Login page when external return URL is not allowed?