Monday, May 14, 2018

CSRF protection in web applications via the Double Submit Cookie Pattern

As mentioned in the previous posts, Cross-Site Request Forgery (CSRF) is an attack in which an attacker forces a user to execute an unwanted action in a web application to which that user is already authenticated.

This article discusses a method for preventing that attack: the double submit cookie pattern. It is also called the stateless CSRF defence, because the server stores nothing about the token; it only checks that the value carried in the cookie matches the value submitted with the request.


  • This is an interface to enter login credentials on a website.


Cross-Site Request Forgery protection in web applications via the Synchronizer Token Pattern


Cross-Site Request Forgery is carried out by an attacker tricking a victim into making a request the victim did not intend to make. As the diagram above shows, the attacker exploits the trust the application places in the victim's browser: the browser attaches the victim's session cookie to the forged request automatically, so the application treats it as the victim's own action.

How to make a PHP OAuth 2.0 server


An OAuth server is implemented as either two-legged or three-legged OAuth. The major difference is that two-legged OAuth does not involve a separate user: the client authenticates directly to the server on its own behalf. In three-legged OAuth a resource owner takes part as well; for example, if an application wants to access your Twitter account information, it goes through the three-legged flow so that you can grant it that access. So let's focus on the three-legged variety, since it is the one more commonly applied in practice.
We use OAuth PHP. The library is hosted on Google Code, but it can still be installed using Composer; for details check the composer.json file in the code that accompanies this article, available on GitHub.


Review of California Consumer Privacy Act (CCPA) and the amendment of California Privacy Rights Act (CPRA)

The California Consumer Privacy Act (CCPA) became effective on 1 January 2020, enhancing the privacy rights and consumer protection for the ...