My application will create a batch of new accounts on a Pitchfork attack. My application provides a authenticity token when the signup form is viewed. I want to invalidate this token once the first PUT request containing this token arrives, so that no other user accounts can be created using the same token. In other words, every time an account should be created, the signup form should be viewed first.
Asked
Active
Viewed 108 times
0
-
What is a pitchfork attack? – Kris Feb 01 '19 at 13:04
-
multiple payload(parameters) sets – user2868259 Feb 01 '19 at 14:21
-
If you are talking about the Rails CSRF token you invalidate it by resetting or nulling the session. But it sounds more like what you want is a custom store of authentication tokens either in the database or memory based storage. – max Feb 01 '19 at 16:23
-
Note that the Rails CSRF token is only really intended to counter CSRF. It does not actually protect against double submissions. – max Feb 01 '19 at 16:25