Balancing security with usability when using nonce for CSRF protection
How does one balance security and usability when using nonces on a website?
Imagine a website where the same nonce is embedded in the page, and stored in the browser session.
If I were to replace the nonce on every page load then:
The use…