• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5893
  • Last Modified:

What is the RequestVerificationToken that I see in my request Cookie on my webpage in ASP .Net MVC?

Hi:

I'm relatively new to figuring out the messaging and hand shaking that takes place between by client (web page) and the back end in an ASP .Net MVC based application.
These might seem like simple or off base questions.

I have 3 questions:

1) I'm examining some of the network requests between my page and back end and I'm looking at the connect$transport. Is this something that's initiated from my page or received by it?

2) Examining that request in detail, I see a number of request Cookies:
    - ASP.Net_SessionId
    - xxxAuth   (which is generated by our application)
    - __RequestVerificationToken_LOVDSQ2

  Do I have access to any of these from client side scripting (javascript/jquery)?
  If so how do I do that?

3) Exactly what is the __RequestVerification_Token?
    In looking at my webpage, I notice that there's a hidden input value where this value
    has been stuffed in.

Thanks,
JohnB
0
jxbma
Asked:
jxbma
1 Solution
 
SammyCommented:
__RequestVerification_Token is  is an anti forgery token (prevent CSRF attack). It guarantees that the poster is the one who gets the form.

if its a cookie, you can ready it on the client. juqery have a cookie plugin you can use
here is a demo here
http://www.programming-free.com/2013/01/setting-and-getting-cookies-using.html#.UeU-z9Iwcms

I have never heard of connect$transport, it looks like this being created by whatever tool you are using to monitor traffic.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now