durusmail: quixote-users: Form-based authentication
Form-based authentication
2010-08-17
2010-08-23
Form-based authentication
Binger David
2010-08-23
I think they also guard against unintended repeat submissions of the same form.

On Aug 23, 2010, at 1:42 PM, Neil Schemenauer wrote:

> Salman Haq wrote:
>> I'm building a form-based authentication system for a Quixote-based
>> website and was wondering what role (if any) do form tokens play in user
>> authentication? The form tokens I'm referring to are the random numbers
>> returned by Session.create_form_token() in the session module.
>
> Their main purpose is to avoid cross-site request forgeries.  I
> don't think they provide much extra security on login forms but
> probably don't hurt anything either.
>
> Regards,
>
>  Neil

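The two uses of form tokens mentioned in this thread (rejecting cross-site request forgeries and ignoring repeat submissions of the same form), as an added example that is not part of the original messages and is not Quixote's own code. It uses a simplified stand-in Session class; only the name create_form_token() comes from the thread, while consume_form_token(), handle_transfer() and the form_token field name are assumptions made for illustration.

```python
import hmac
import secrets


class Session:
    """Simplified stand-in for a server-side session (not Quixote's class)."""
    MAX_TOKENS = 16  # assumed cap on outstanding tokens per session

    def __init__(self):
        self._form_tokens = []

    def create_form_token(self):
        # Unpredictable value, stored server-side and embedded in the form
        # as a hidden field when the page is rendered.
        token = secrets.token_hex(16)
        self._form_tokens.append(token)
        del self._form_tokens[:-self.MAX_TOKENS]  # drop the oldest tokens
        return token

    def consume_form_token(self, submitted):
        # Hypothetical helper: succeeds once per issued token, then forgets it.
        if not isinstance(submitted, str):
            return False
        for i, token in enumerate(self._form_tokens):
            if hmac.compare_digest(token.encode(), submitted.encode()):
                del self._form_tokens[i]
                return True
        return False


def handle_transfer(session, form, ledger):
    # State-changing handler: act only if the token was issued to this session.
    if not session.consume_form_token(form.get("form_token")):
        return "rejected"
    ledger.append(form["amount"])
    return "accepted"


def demo():
    # Constructed sample requests, all arriving with the same session cookie.
    session, ledger = Session(), []
    genuine = {"amount": "10", "form_token": session.create_form_token()}
    foreign = {"amount": "10", "form_token": Session().create_form_token()}
    results = [
        handle_transfer(session, genuine, ledger),           # first submit
        handle_transfer(session, genuine, ledger),           # repeat submit
        handle_transfer(session, {"amount": "10"}, ledger),  # cross-site POST, no token
        handle_transfer(session, foreign, ledger),           # token from another session
    ]
    return results, ledger
```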