asp.net - check if form was submitted from my website -


i have signin form on website inside page users can search stuff after signing in.

there third party mobile application letting users signin through submitting form on signin.aspx page website.

my question how can tell if form being submitted third party , not website?

as claudio stated, can not reliably use "referer" value. value can spoofed. safer approach employ csrf token, or akin that.

for example, include asp.net session id in hidden form element. then, when form submitted, compare value of form element user's session id. if not match, form submission didn't come website.


Comments

Popular posts from this blog

c++ - Creating new partition disk winapi -

Android Prevent Bluetooth Pairing Dialog -

VBA function to include CDATA -