node.js - How to resolve issue with handling csrf with multiple tabs in express/nodejs? -

-

i built csrf protection in nodejs/express application following config:

var app = express(),     cookieparser = require('cookie-parser'),     session = require('express-session'),     csrf = require('csurf');  app.use(cookieparser()); app.use(session({     , saveuninitialized: true     , resave: true     , store: new mongostore() }));  app.use(flash());

and following login form:

<form action="/process" method="post">   <input type="hidden" name="_csrf" value="{{csrftoken}}">   <button type="submit">submit</button> </form>

the problem arives when user opens 2 browser tabs , end of story getting ebadcsrftoken error @ this line:

let's see following case:

  1. user opens form above in 2 separate tabs.
  2. in first tab logout , signin again.
  3. then switches second tab, click submit , ebadcsrftoken error.

i need point destroy session in logout route:

app.route('/auth/signout')     .get(function (req, res, next) {          return req.session.destroy(function (err) {             if (err) return next(err);              return res.redirect('/');         });     });

because fact destroy session destroy secret key stored there. destroing leads invalid token on second tab , ebadcsrftoken error.

i need resolve case somehow. in case? show popup reload page or reload page automatically?

the csrf token should set , retrieved cookie before form submission. suppose, open taba csrf c1. once open tab2, csrf changes c2. but, if set in cookies, fetching csrf cookies in taba give c2 csrf token.

same thing can concluded session->logout->new_session. save , fetch cookie. since logged in after logout in tab2, tab1 have cookies of tab2 , csrf token.


Comments

Post a Comment

Popular posts from this blog

Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12:test (default-test) on project.Error occurred in starting fork -

-
i searched on internet provided answers did not in building project. the error starting fork. tried following methods: mvn clean install -u when searched, people said because of java 7 , should work java 6. using java 6 only. some said set surefire plugin this: <groupid>org.apache.maven.plugins</groupid> <artifactid>maven-surefire-plugin</artifactid> <version>2.5</version> <configuration> <skiptests>false</skiptests> <testfailureignore>true</testfailureignore> <forkmode>once</forkmode> </configuration> the actual error is: [error] failed execute goal org.apache.maven.plugins:maven-surefire-plugin:2.12:test (default-test) on project junitcategorizer.instrument: error occurred in starting fork, check output in log -> [help 1] org.apache.maven.lifecycle.lifecycleexecutionexception: failed execute goal org.apache.maven.plugins:maven-surefire-plugin:2...
Read more

windows - Debug iNetMgr.exe unhandle exception System.Management.Automation.CmdletInvocationException -

-
i fired windows 7 machine today , attempting start intemgr.exe process terminates immediately. started process under debugger. seems process terminating following exception: system.management.automation.cmdletinvocationexception . dumping exceptions on heap yields following results. heap has few more exception listed below. so based on research exception happens when cmdlet encounters terminating error. method call before processrecord(). provides record-by-record processing functionality cmdlet. windows powershell runtime calls method multiple times each instance of cmdlet in pipeline. how can inspect pipeline debugger? exception object: 0000000002702940 exception type: system.management.automation.itemnotfoundexception message: cannot find path 'c:\windows\system32\windowspowershell\v1.0\modules\applicationserver\applicationserver.dll' because not exist. innerexception: <none> stacktrace (generated): sp ip function 000000001...
Read more

configurationsection - activeMq-5.13.3 setup configurations for wildfly 10.0.0 -

-
hi new work on activemq, trying access messages send activemq in mdb onmsg() method unable things done here sample standalone-full.xml configuration. <subsystem xmlns="urn:jboss:domain:messaging-activemq:1.0"> <jms-queue name="favouritesqueue" entries="queue/favouritesqueue"/> </server> </subsystem> mdb configuration <mdb> <resource-adapter-ref resource-adapter-name="activemq-ra.rar"/> <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/> </mdb> <subsystem xmlns="urn:jboss:domain:resource-adapters:4.0"> <resource-adapters> <resource-adapter id="activemq-ra.rar"> <archive> activemq-rar-5.13.3.rar </archive> <transaction-support>xatr...
Read more