I am currently generating a CSRF token in my forms to prevent cross-site request forgery. It looks like:
<form method="post" action="action.php">
<input type="hidden" id="security_token" name="security_token" value="gTt96phAcretR99rafEjepHebrEZadEdezadagaZ3gAS5es33WReJeZaMADU2AWr" />
...
</form>
The problem is that I have multiple forms on a single page. Must I create a security token for each form, so security_token_1, security_token_2, or can I simply, instead of generating the security token inside of the forms, append it as a property to the entire body tag like:
<body data-csrf-token="gTt96phAcretR99rafEjepHebrEZadEdezadagaZ3gAS5es33WReJeZaMADU2AWr">
...
</body>
Is this insecure in any way? It simplifies things quite a bit, since I can simply append the security token to the body element instead of dealing with multiple security tokens.
Thanks for the insight and comments.
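
An added example, not part of the original post: a server-side sketch in which one per-session token backs every form on the page and the receiving script checks it with a constant-time comparison. The function names are hypothetical, and a plain array stands in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example; csrf_token(), csrf_field() and csrf_valid() are hypothetical
// helper names, not from the original post.

// Issue one token per session and reuse it for every form on the page.
function csrf_token(array &$session): string
{
    if (empty($session['security_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded.
        $session['security_token'] = bin2hex(random_bytes(32));
    }
    return $session['security_token'];
}

// Hidden field to place in each form; the value is identical in all of them.
function csrf_field(array &$session): string
{
    $value = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="security_token" value="' . $value . '" />';
}

// Check done by the receiving script (action.php in the post) before acting.
function csrf_valid(array $session, array $post): bool
{
    $expected  = $session['security_token'] ?? '';
    $submitted = $post['security_token'] ?? '';
    // Reject a missing session token, a missing field, and array-valued input
    // (security_token[]=x) before the constant-time comparison.
    return is_string($expected) && is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Constructed demo data standing in for $_SESSION and $_POST.
$session = [];
$formA = csrf_field($session);
$formB = csrf_field($session);
var_dump($formA === $formB); // compares the field rendered for two forms

$token = csrf_token($session);
var_dump(csrf_valid($session, ['security_token' => $token]));    // value echoed back by a form
var_dump(csrf_valid($session, ['security_token' => 'forged']));  // attacker-chosen value
var_dump(csrf_valid($session, ['security_token' => ['x']]));     // array-valued field
var_dump(csrf_valid([], ['security_token' => '']));              // no token in the session
```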