url with "CSRF_TOKEN=b9488472c08bed162ec910c5" as part of it

Schuyler Kuhl
Schuyler Kuhl used Ask the Experts™
on
Greetings,

I have a bad feeling about this.  I have noticed a site where the url's show something like page_name.php?CSRF_TOKEN=b9488472c08bed162ec910c5a21

Can anyone tell me what that is?  I found the wikipedia article on Cross-site request forgery.

How can I tell why that domain is adding that to all urls?

Thanks very much.

Sky
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
If I look at the source of the home page at the bottom is this:

This is below my own </body></html>
unusual-html.txt
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
That looks like old code and an attempt to allow Cross-site request forgery, not prevent it.  Is that there in the original source?  Can you edit it and re-upload it to see if it is being caused by the server?

Author

Commented:
What would I edit?  I can only find that code in the source of the page.  Not on the code of the page when I am editing it.
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
Well, that was part of the question.  Have you re-uploaded the page to see if it is still there when you know it wasn't in your original code?  If it re-appears, then something on the server is putting it there.  Check any javascript that you may be loading for that page.  An even easier test is to put a very simple HTML page up and see if it gets added to that.  Like this:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>

Open in new window

Author

Commented:
Yes.  Thank you.  It only appears in the url after clicking on a link within the site.  I have also checked other sites on the same server and haven't found that same info in the url.
Fixer of Problems
Most Valuable Expert 2014
Commented:
Something is putting it there and generating that code in your pages.  ??

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial