I created a page where I use jQuery's post method to call another page, which returns some calculations.
Trying to protect it, I did the following on the page:

INDEX PAGE:

PHP

    <?php
    session_name('ola');
    $secure = false;
    $httponly = true;
    ini_set('session.use_only_cookies', 1);
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
    session_start();
    $_SESSION['_token'] = hash('sha512', rand(100, 1000).time().'ola');
    ?>

HTML

    <input type="hidden" name="token" value="<?php echo $_SESSION['_token']; ?>" />

JQUERY

    $.post("php/infowindows.php", {token : $("[name=token]").val()}, function(d){
        alert(d);
    });

PAGE CALCULATIONS:

    <?php
    session_name('ola');
    session_start();
    if(!isset($_SESSION['_token']) or !isset($_POST['token']) or $_POST['token'] !== $_SESSION['_token']){
        die("Erro, morri!");
    }
    session_regenerate_id();
    ?>

I saw some posts, so I decided to write my own code. Given this, is it possible to say that it is "preventing" CSRF attacks?
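
A hardened variant of the token handling in the question, as an added example that is not part of the original post: the token is drawn from `random_bytes()` rather than `rand()` and `time()`, and it is compared with `hash_equals()`. The helper names, the `SameSite=Lax` setting and keeping one token per session are assumptions of this example; the demo at the end uses constructed arrays in place of `$_SESSION` and `$_POST` so it runs from the CLI.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not code from the original post.

/** Start the session with hardened cookie flags (array form needs PHP >= 7.3). */
function start_session(bool $https): void
{
    session_name('ola');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');   // reject session ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $https,                  // true when the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',                   // assumption: cookie not sent on cross-site POSTs
    ]);
    session_start();
}

/** Return the per-session token, creating it from the CSPRNG on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));   // 256 bits, 64 hex characters
    }
    return $session['_token'];
}

/** Constant-time check of the submitted token; rejects missing or non-string values. */
function csrf_check(array $session, array $post): bool
{
    $expected = $session['_token'] ?? null;
    $given    = $post['token'] ?? null;
    return is_string($expected) && is_string($given) && hash_equals($expected, $given);
}

// Constructed demo data standing in for $_SESSION and $_POST.
$session = [];
$token = csrf_token($session);
var_dump(csrf_check($session, ['token' => $token]));              // matching token
var_dump(csrf_check($session, ['token' => str_repeat('0', 64)])); // wrong token
var_dump(csrf_check($session, []));                               // token missing
var_dump(csrf_check($session, ['token' => ['x']]));               // token[]=x sent as an array
```

On the real pages, `csrf_token($_SESSION)` would fill the hidden input after `start_session()`, and the calculations page would stop when `csrf_check($_SESSION, $_POST)` returns false.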