I just started learning about CSRF. As per OWASP CSRF Article CSRF is an

Question

0

Asked: May 31, 20262026-05-31T20:06:39+00:00 2026-05-31T20:06:39+00:00

I just started learning about CSRF. As per OWASP CSRF Article CSRF is an

0

I just started learning about CSRF.
As per OWASP CSRF Article

CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated

If a website doesn’t accept any user authentication or if authentication information is not stored in cookies does that mean that it is not vulnerable to CSRF.

I developed a website which asks user to enter his ticket information, checks info with database, if correct user will be navigated to a page where he needs to provide his credit card information and his record will be updated. Do I need to worry about CSRF? Or ticket information itself is considered as authentication?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-31T20:06:40+00:00

Editorial Team

2026-05-31T20:06:40+00:00Added an answer on May 31, 2026 at 8:06 pm

You have to worry about cross site request forgery if your site uses sessions that allow users to do privileged actions. Since I assume that you create a session property indicating that the user’s ticket info is valid, yes you do.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I just started learning about CSRF. As per OWASP CSRF Article CSRF is an

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply