Did you check out the http headers return from yaws? Firebug should
help with that.
Yariv
On Wed, Oct 15, 2008 at 4:16 AM, nii amon <[EMAIL PROTECTED]> wrote:
>
> Hi guys
>
> I am trying to protect my forms from CSRF attacks by putting a random
> key as a hidden field into my forms. This is what I do:
>
> 1. When going to the form,I do:
>
> Key = crypto:rand_bytes(200),
> Encoded = base64:encode(binary_to_list(Key)),
>
> yaws_api:setcookie("formkey", Encoded)
>
> 2. When the form comes back, I do this to see if the cookie is set:
>
> Res = yaws_api:find_cookie_val("formkey", A),
>
> Based on whether I get [] or something else I proceed accordingly.
>
> The problem is that the cookie seems not to be set as it always
> returns []. Am I missing some steps?
>
> Nii Amon
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"erlyweb" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
