I have a web application where I have used http-handlers and jQuery for AJAX

Question

0

Asked: June 12, 20262026-06-12T14:31:09+00:00 2026-06-12T14:31:09+00:00

I have a web application where I have used http-handlers and jQuery for AJAX

0

I have a web application where I have used http-handlers and jQuery for AJAX call.
Now the problem is user can type the same URL in the browser which is generated by the jQuery and operation is being performed.
Can I send some token with the query string and then on server side I can look for the right token before performing any operation.

Hope that I have written my problem correctly.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T14:31:10+00:00

The above technique is called

Cross Site Request Forgery

Risk Impact

An attacker can hijack logged in users session for performing malicious transactions.

Recommendations

It is recommended implementing Page token (a random token as an additional parameter in the request) for all transaction pages. This token should be randomly generated and should be unique for each user.

The suggested URL are

http://www.owasp.org/index.php/CSRF_Guard
http://www.cgisecurity.com/csrf-faq.html

var cg = new CSRFGuard(); 
cg.SetupCSRFTokenNameAndValue(); 
SessionManager.CustomerConfig.CsrfTokenName = cg.CsrfTokenName; 
SessionManager.CustomerConfig.CsrfTokenValue = cg.CsrfTokenValue;

Thanks a lot.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a web application where I have used http-handlers and jQuery for AJAX

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply