Reputation: 4690
I am considering generating a unique form token and storing it in a session, and embedding it as a hidden input in my forms.
Could I make this work for pages containing multiple forms? Is it still safe to use the same token for each form?
I'm looking to detect bot requests on my website. Can these form tokens really safely replace CAPTCHAs?
Upvotes: 2
Views: 478
Reputation: 1143
It's absolutely fine to use the same token for all forms, even on different pages. It's OK to generate the token at the very beginning of your user's session and stick with it. Also, those tokens only protect you/your users from cross-site request forgery.
For protection from bots you still need CAPTCHAs or something equal.
Upvotes: 1
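The approach described in the answer above, as an added example that is not part of the original thread: one token generated at session start, embedded in every form, and checked on each POST. The in-memory `SESSIONS` store, the function names and the form field name `csrf_token` are assumptions made for illustration.

```python
import hmac
import re
import secrets
from html import escape

SESSIONS = {}  # constructed in-memory session store: session id -> session data


def start_session():
    """Create a session and generate its single CSRF token up front."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_page(sid):
    """Render a page with two forms that both embed the same session token."""
    token = escape(SESSIONS[sid]["csrf_token"], quote=True)
    hidden = f'<input type="hidden" name="csrf_token" value="{token}">'
    return (
        f'<form method="post" action="/comment">{hidden}<textarea name="body"></textarea></form>\n'
        f'<form method="post" action="/subscribe">{hidden}<input name="email"></form>'
    )


def is_valid_post(sid, form):
    """Accept a POST only if its token matches the one stored in the session."""
    session = SESSIONS.get(sid)
    submitted = form.get("csrf_token", "")
    if session is None or not submitted:
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(submitted.encode(), session["csrf_token"].encode())


if __name__ == "__main__":
    sid = start_session()
    page = render_page(sid)
    tokens = re.findall(r'name="csrf_token" value="([^"]+)"', page)
    # Both forms on the page validate with the one per-session token.
    print([is_valid_post(sid, {"csrf_token": t}) for t in tokens])
    # A cross-site forged POST rides on the session but cannot read the token.
    print(is_valid_post(sid, {"body": "forged"}))
    # Any client that loads the page first, human or script, holds a valid token,
    # so passing this check says nothing about whether the sender is a bot.
    print(is_valid_post(sid, {"csrf_token": tokens[0], "body": "automated"}))
```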
Reputation: 157870
Nope, these tokens cannot replace captchas because these things serve different purposes.
From your confusion with tokens and captchas I suppose that you don't really understand these tokens. Are you sure you need separate tokens for every form? Maybe one token per session would be enough?
Upvotes: 1