What is the RequestVerificationToken that I see in my request Cookie on my webpage in ASP .Net MVC?

jxbma
jxbma used Ask the Experts™
on
Hi:

I'm relatively new to figuring out the messaging and hand shaking that takes place between by client (web page) and the back end in an ASP .Net MVC based application.
These might seem like simple or off base questions.

I have 3 questions:

1) I'm examining some of the network requests between my page and back end and I'm looking at the connect$transport. Is this something that's initiated from my page or received by it?

2) Examining that request in detail, I see a number of request Cookies:
    - ASP.Net_SessionId
    - xxxAuth   (which is generated by our application)
    - __RequestVerificationToken_LOVDSQ2

  Do I have access to any of these from client side scripting (javascript/jquery)?
  If so how do I do that?

3) Exactly what is the __RequestVerification_Token?
    In looking at my webpage, I notice that there's a hidden input value where this value
    has been stuffed in.

Thanks,
JohnB
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
__RequestVerification_Token is  is an anti forgery token (prevent CSRF attack). It guarantees that the poster is the one who gets the form.

if its a cookie, you can ready it on the client. juqery have a cookie plugin you can use
here is a demo here
http://www.programming-free.com/2013/01/setting-and-getting-cookies-using.html#.UeU-z9Iwcms

I have never heard of connect$transport, it looks like this being created by whatever tool you are using to monitor traffic.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial