Do login forms need tokens against CSRF attacks?
From what I’ve learned so far, the purpose of tokens is to prevent an attacker from forging a form submission. For example, if a website had a form that input added items to your shopping cart, and an attacker could spam your shopping cart with items you don’t want. This makes sense because there could … Read more